Solving common issues with Multi-factor Authentication
A guide to overcoming difficulties with using Multi-factor Authentication (MFA)
MFA is a security process where you provide more than one form of verification factor in order to access an account. For example, as well as entering a username and password, you also provide a verification code sent to a mobile phone by text or call in order to confirm your identity and gain access.
If you have any issues with this service, please initially try the following troubleshooting steps.
If you don't have your device with you, you can't use it to verify your identity.
If, when you previously set up your MFA verification methods you added an alternative method to sign in to your account, for example you added your landline as an additional means of verification, you can use this alternative method to verify who you are. When you are prompted to verify your details, select Sign in another way, and then Verify and you will be taken through the next stages of the process.
If you didn't add an alternative verification method, you can either:
Contact the IS Helpline (if you're a member of staff)
Contact EdHelp via the Self Service Portal (if you're a student) - log in required
Your settings will be cleared, and you will be prompted to set up MFA again.
If the device you are using to verify your details is lost or has been stolen, you should change your University account password to keep your account secure. Once you have done this, you should arrange to have your MFA settings cleared. You should either:
Contact the IS Helpline (if you're a member of staff)
Contact EdHelp via the Self Service Portal (if you're a student) - log in required
After your settings have been cleared, the next time you sign in to your account you will be prompted to set up MFA again.
You can visit the Information Security site for more guidance about keeping mobile phones and tablets safe and secure:
Security for mobile phones and tablets
For security reasons, University users cannot turn off MFA themselves.
Requests for MFA to be disabled need to be judged on a case-by-case basis. Please contact us to discuss:
Contact the IS Helpline (if you're a member of staff)
Contact EdHelp via the Self Service Portal (if you're a student) - log in required
Once you have signed up for the service and have set up your MFA verification method(s) you may not receive a prompt to verify your details just because you haven't opened an application that triggers the process. If you want to ensure you have successfully set up MFA and check that it is working, you can do the following:
Open an Incognito or InPrivate browser window and navigate to the web address: https://www.outlook.com/ed.ac.uk. If your MFA is working properly, this should always trigger a prompt for you to verify your details.
If you have signed up and you are not prompted for verification, this may be because you have not set up your verification device. If you know you haven't set up your device or verification methods yet, then you should follow the How to set up MFA guidance on the MFA service page:
Multifactor Authentication service
After this is you are still not prompted for verification, you should either:
Contact the IS Helpline (if you're a member of staff)
Contact EdHelp via the Self Service Portal (if you're a student) - log in required
If your phone number has changed and you set up MFA using your phone to receive texts or calls to verify your identity, you will need to update your MFA settings to include the new number. Doing this will ensure your verification prompts go to the right place.
To update the phone number you're using to verify your details you should go through the following steps:
1. Log in to Office 365
https://www.office365.ed.ac.uk/
2. Select Account manager from the top right hand menu and select View account
3. Select Security info from the My Account left hand menu
4. You will see your Default sign-in method displayed under Security info. Select the Change option
5. Select the phone verification method you're using (either call or text) from the Change default method options
6. You can then update your phone number by selecting Change next to the existing number and entering the new number
7. You will either receive a call or a text to the new number when the change has occurred.
You may like to change your MFA settings to include an alternative method of verification which you can rely on as a back-up way to verify your details in case of problems. For example, if your MFA is set up to receive texts or calls to your mobile but you frequently have poor signal and therefore can't receive the verification prompts, you can add a landline number as an alternative.
To update your verification methods you should go through the following steps:
1. Log in to Office 365
https://www.office365.ed.ac.uk/
2. Select Account manager from the top right hand menu and select View account
3. Select Security info from the My Account left hand menu
4. You will see your Default sign-in method displayed under Security info.
5. Select the Add method option
6. Select Alternate phone, and then Add and enter the number of the alternative phone.
If you want to use a new mobile device for MFA, you will need to update the MFA verification methods you previously set up.
If you set up MFA to receive verification codes by call or text to a mobile device and you want to make sure the verification prompts go to the right place, you should follow the guidance for Updating MFA settings: New/changed phone number.
If you set up MFA with the Microsoft Authenticator App, you should go through the following steps on the new mobile device to ensure it is registered for MFA on your account:
1. Log in to Office 365
https://www.office365.ed.ac.uk/
2. Select Account manager from the top right hand menu and select View account
3. Select Security info from the My Account left hand menu
4. You will see your Default sign-in method displayed under Security info.
5. Select the Add method option
6. Choose Authenticator App - you will be prompted to install the app on the new mobile device.
If you having problems with the verification method you're using - for example if you struggle to receive text messages with verification codes on your phone because you're in an area of low signal, or you are finding the Authenticator app difficult to use - you may want to change the way you verify your details in the MFA process.
To change your verification method you should go through the following steps: (if you want to switch to the Authenticator app you will need to go through this process on the device you want to use to install the app)
1. Log in to Office 365
https://www.office365.ed.ac.uk/
2. Select Account manager from the top right hand menu and select View account
3. Select Security info from the My Account left hand menu
4. You will see your Default sign-in method displayed under Security info. Select the Add method option
5. Select the method you want to add, e.g. Authenticator app and then follow the instructions to set this up
6. If you want to remove an existing method, select Delete beside the details of that method.
If you set up MFA to receive verification codes to your phone by text or call but you are not receiving the codes, this could be for two reasons:
1. Receiving verification codes relies on your phone signal, so if you are in an area with no or low signal you might not receive codes by text or call until you move to an area with a better signal.
2. You may have reached your limit on verification codes or texts or calls. Try waiting a few minutes and if this doesn’t work restart your mobile device. If this doesn’t solve the problem you should either:
Contact the IS Helpline (if you're a member of staff)
Contact EdHelp via the Self Service Portal (if you're a student) - log in required
You may encounter difficulties with the MFA process if you are travelling, or if you are based outside the UK.
If you have chosen to verify your details by receiving verification codes by calls or texts to a mobile device, you should be aware that this relies on your phone signal. If you are likely to have a poor phone signal due to travelling, it may be better to set up the Microsoft Authenticator app as your verification method, as this does not rely on connectivity to work.
You should set up the Authenticator app before travelling, and you should also check guidance beforehand as some countries have additional restrictions and conditions of use - for example:
Microsoft Authenticator for Android in the public cloud in China (External site link - to Microsoft)
Microsoft also provides instructions on installing the Authenticator app,
Download and install the Microsoft Authenticator app (External site link - to Microsoft)
If you have set up MFA to verify by entering a code received in a text or phone call you may encounter one of these scenarios:
1. I didn't enter the code in time and now it won't work
The codes sent are programmed to expire after a few minutes, therefore you should enter these as soon as possible for the verification to succeed. If you are delayed in entering the code, and it has expired, you should close the Microsoft application you are using and re-open it. This will prompt a new code to be sent by Microsoft and you should enter this new code as soon as possible to verify your details.
2. Nothing happens when I enter the code
If the process doesn't progress when you enter the code to verify it may have timed out for security reasons. If this happens, you should close the Microsoft application you are using and re-open it. You should then be prompted to restart the process.
If you receive an MFA request that appears unusual or when you're not trying to actually connect to a University MFA-secured service (e.g. Azure Virtual Desktop or, for some users, Office 365), DO NOT authenticate it and instead immediately contact the IS Helpline sending them a screenshot of the request. They will investigate the matter.