Information about Email services for University of Edinburgh staff and students.
The guidance linked shows you how to access your University email on a web browser, computer or mobile device and includes a variety of useful FAQs.
Microsoft's email platform provided with The University's Office 365 subscription at no additional cost. As well as emails, Office 365 brings into view your meetings, chat conversations, notes and files across your devices. This service also integrates student timetables and shifts for frontline workers.
Phishing is a serious security threat to the University of Edinburgh. Phishing attacks target personally identifiable information, and if this falls into the wrong hands it can cause both financial and reputational damage to the University and its employees. These attacks are often launched by including malicious links or attachments in an email. When recipients open these attachments or click links, it can spark an attack.
Universities are regularly targeted by phishing attacks that look like official communications about password changes, email quotas, pay/benefits changes, etc. Some are quite convincing and it can be difficult for staff and students to spot these malicious emails.
As part of our efforts to protect against phishing scams, we have added an advisory warning banner on all incoming email messages from external senders.
The banner appears as a horizontal strip of text. It is clearly visible and a constant reminder of the risks associated with clicking links in emails.
The following sample illustrates how the banner appears in email messages:
Are all messages with the warning banner dangerous?
The warning banner does not mean the email is malicious, only that recipients should exercise caution. Do not click on links or open attachments in messages with which you are unfamiliar. All email originating from outside the university will be tagged with this message.
If I reply to the email, will the banner be visible to the recipient?
The banner will be visible unless you choose to manually delete it before you send the reply. An increasing number of Universities and other organisations are using similar banners, so the banner will not necessarily cause offence.
Can I opt out of the warning banner?
No, users may not opt out of the warning banner. Due to technical limitations we are not able to apply the banner to only some users.
Where can I find advice about dealing with email phishing?
Some phishing emails have an appearance of a trusted sender, so you should always be vigilant. If you're ever unsure, you can do some basic checks yourself.
- Clicking to expand sender details in the 'From' field
- Hovering over a web link or copying it into a text file to inspect where the link goes
Our colleagues in InfoSec offer helpful tips and further advice about ways in which you can detect malicious email:
The update is brought to you jointly by Information Security and the Email Service Working Group who continually work in partnership to help make your email messaging safer. You can rate or comment this change here
Multifactor Authentication pilot
Information Services Group are trialling a form of Multifactor Authentication with email and Teams in Office 365. If you would like to be part of this, you can opt into our early preview pilot release.
The pilot period will run for the next few weeks. It will involve using Multifactor Authentication to access your Office 365 accounts and feeding back information about your experience of this process through a Microsoft Teams channel (you will be added to the channel once you decide to opt in to the pilot).
You can take part in the pilot if you use a University supported device or a device using the University’s Virtual Private Network (VPN).
To take part in the pilot, you will need to have either a mobile or landline phone or a tablet which you are prepared to use for verifying your details.
Multifactor Authentication (MFA) is an approach to online security that requires you to provide more than one form of verification detail to access an account, log in or complete a transaction online.
Also known as ‘Two-step verification’, MFA adds an extra layer of protection to things you do online. It is used regularly for online transactions like banking, shopping and using payment websites like PayPal.
Signing into online services has been traditionally been done with just one type of verification factor, for example a username and password. Only using one type of verification is not very secure because usernames and passwords can be easy for cyber criminals to discover, meaning your accounts can be fraudulently accessed and your data compromised.
MFA is a more secure approach because it requires you to verify in more than one way, as an added check to ensure you are who you say you are.
Different types of verification factor include:
Something you know – like a username and password
Something you have – like a mobile phone or tablet on which you can receive and respond to verification requests
For MFA to work as it is supposed to, it should involve at least two different kinds of factors to reduce the chance of fraud. Cyber criminals may be able to discover your password but they can’t easily steal your phone as well.
Using MFA significantly increases the security of accounts, and therefore helps keep your personal data, and the University’s data secure. If MFA is used, it makes it much harder for hackers to damage University networks – they may be able to obtain account details by sending scam emails, but they would also need to be in possession of the authentication device in order to access the phished account.
By running this pilot, we want to understand what the experience of using MFA is like, to help guide decisions about whether MFA should be rolled out more widely in the future.
If you decide to join the pilot, you will be prompted to set up MFA. This will occur up to one hour after you have opted in. To set up MFA, you will need a mobile phone, a landline phone or a tablet to use as your second means of authentication.
There are three main methods to set up for the MFA process, these are as follows:
Mobile phone verification – by SMS or text message
Mobile phone or tablet – through the Microsoft Authenticator app.
Once you have set up MFA, when you go to access Outlook and Teams (within Office 365), you will be asked to log in as usual.
You will then be prompted to verify your details using your second authentication factor. Depending on the way you chose to set up MFA, this may be done by entering a numeric code from an SMS message, or phone call or it may be activating a prompt on the Authenticator app.
You won’t need to do the second authentication step every time you sign in, but you may be prompted if you change the way you normally access Office 365. For example, if you access your account from a different device or location this may act as a triggers for MFA as these changes in behaviour may indicate an attempt to compromise your details.
When you decide to opt in to the pilot you will be added to a Microsoft Teams channel where you can share your experiences of using MFA.
In this channel we may operate quick polls and surveys to gather more information about your experiences of using MFA with your University account.
If a problem occurs, for example, you get locked out of your account, you should contact the IS Helpline. IS Helpline will guide you through a process to verify your identity. This process will never involve asking for your passwords or factor details – you should not share these with anyone.
Contact the IS Helpline
Yes. This is a trial period so you can opt out of the pilot if you wish to. Just contact the IS Helpline to arrange this.
Contact the IS Helpline
How to opt in to the MFA pilot
If you would like to opt into the pilot, simply tap or click the button below. You can take part in the pilot if you use a University supported device or a device using the University’s Virtual Private Network (VPN). You will also need to have either a mobile phone, landline phone or tablet which you are prepared to use to verify your details.
Email directory and other related services
Search the directory of email address contacts, get added to the directory or opt-out, see the directory policy.
Create mailing lists to reach out to your target user group audience with a single mailshot.
Advice about services which generate email, safe delivery of email, rejection errors explained and more.