Multifactor Authentication service - Azure Virtual Desktop
Staff and students are invited to sign up for a Multi-factor Authentication service being run by Information Services.
University users of the Azure Virtual Desktop service, which provides them access to applications not available to be installed on their own computers, need to make use of Multi-Factor Authentication (MFA) in order to access it.
A mobile or landline phone (or a tablet) can be used in order to set up MFA and to verify your details. Alternatively, if you have a Windows computer, you can use Authy without needing a separate device.
Background on the MFA service
Multi-factor Authentication (MFA) is an approach to online security that requires you to provide more than one form of verification detail to access an account, log in or complete a transaction online.
Also known as ‘Two-step verification’, MFA adds an extra layer of protection to things you do online. It is used regularly for online transactions like banking, shopping and using payment websites like PayPal.
Signing into online services has been traditionally been done with just one type of verification factor, for example a username and password. Only using one type of verification is not very secure because usernames and passwords can be easy for cyber criminals to discover, meaning your accounts can be fraudulently accessed and your data compromised.
MFA is a more secure approach because it requires you to verify in more than one way, as an added check to ensure you are who you say you are.
Different types of verification factor include:
-
Something you know – like a username and password
-
Something you have – like a mobile phone or tablet on which you can receive and respond to verification requests
For MFA to work as it is supposed to, it should involve at least two different kinds of factors to reduce the chance of fraud. Cyber criminals may be able to discover your password but they can’t easily steal your phone as well.
Using MFA significantly increases the security of accounts, and therefore helps keep your personal data, and the University’s data secure.
If MFA is used, it makes it much harder for hackers to damage University networks – they may be able to obtain account details by sending scam emails, but they would also need to be in possession of the authentication device in order to access the phished account.
There are several ways to set up MFA. These are sometimes called verification methods.
PLEASE NOTE: It is recommended that, where possible, you set up MFA using more than one of these methods so you will have an alternative method as a back-up to verify your details in case the first method doesn't work.
For example:
- You could set up MFA using text message verification but also install the Microsoft Authenticator app so that if you can't receive texts due to poor mobile signal, you can verify your details through the app.
- Alternatively you could choose to set up MFA using the Authenticator app on a mobile phone or tablet AND provide a landline phone number to receive a call in case your mobile phone or tablet is mislaid.
Setup Methods
1a. Verification through the Microsoft Authenticator app (recommended method) - install the app on your mobile phone or tablet and use this to verify your details.
Instructions to download and install the Microsoft Authenticator app (External site link to Microsoft)
OR 1b. Verification through the Authy Authenticator app - if you don't have access to a smartphone then the Authy app is an alternative authenticator that can be used on laptops and desktop computers
Instructions to download and install the Authy Authenticator app
2. Verification by a SMS or text message - set up a mobile device to receive a text message with a code to enter as the means of verification
Set up MFA to receive text messages to a mobile (External site link to Microsoft)
3. Verification by a call- set up your landline or mobile to receive a call with a code to enter to verify your details
Set up MFA to receive calls to a phone (External site link to Microsoft)
If you sign up for the service, you will need to choose one of these methods to set up MFA.
Watch Microsoft video 'Registering for Multifactor Authentication' on YouTube to compare methods (3 minutes)
Once you have set up MFA, when you access apps in Azure Virtual Desktop, you will be asked to log in as usual.
You will then be prompted to verify your details using your verification method. Depending on the way you chose to set up MFA, this may be done by entering a code from an SMS message or a phone call or it may be activating a prompt on the Authenticator app on your mobile device.
You won’t need to do the verification step every time you sign in, but you may be prompted to verify if you change the way you normally access Office 365. For example, if you access your account from a different device or location this may act as a trigger for MFA as this change in behaviour may indicate an attempt to compromise your details.
If you get locked out of your account, you should contact the IS Helpline. IS Helpline will guide you through a process to verify your identity and restore access to your accounts. This process will never involve asking for your passwords or factor details – you should not share these with anyone.
If you encounter other problems with MFA, you can refer to our Troubleshooting Guide for MFA:
Solving common issues with MFA
If you receive an MFA request that appears unusual or when you're not trying to actually connect to Azure Virtual Desktop, DO NOT authenticate it and instead immediately contact the IS Helpline sending them a screenshot of the request. They will investigate the matter.
Access to Azure Virtual Desktop applications require MFA. Requests for opting out of MFA need to be judged on a case-by-case basis. Please contact the IS Helpline to discuss this.
Troubleshooting MFA issues
Solving common issues with MFA
Still need help?