Multi-factor Authentication service - Office 365

Multi-factor Authentication (MFA) is an approach to online security that requires you to provide more than one form of verification detail to access an account, log in or complete a transaction online.  

Also known as ‘Two-step verification’, MFA adds an extra layer of protection to things you do online. It is used regularly for online transactions like banking, shopping and using payment websites like PayPal.  

Signing into online services has been traditionally been done with just one type of verification factor, for example a username and password. Only using one type of verification is not very secure because usernames and passwords can be easy for cyber criminals to discover, meaning your accounts can be fraudulently accessed and your data compromised.  

MFA is a more secure approach because it requires you to verify in more than one way, as an added check to ensure you are who you say you are.

Different types of verification factor include:  

• Something you know – like a username and password  

• Something you have – like a mobile phone or tablet on which you can receive and respond to verification requests  

For MFA to work as it is supposed to, it should involve at least two different kinds of factors to reduce the chance of fraud. Cyber criminals may be able to discover your password but they can’t easily steal your phone as well.

Using MFA significantly increases the security of accounts, and therefore helps keep your personal data, and the University’s data secure.

If MFA is used, it makes it much harder for hackers to damage University networks – they may be able to obtain account details by sending scam emails, but they would also need to be in possession of the authentication device in order to access the phished account.  

If you decide to sign up for this service,  you will first be prompted to set up MFA. This involves choosing the way you would like to verify your details - for example, you may choose to set up your mobile phone to receive verification codes by text which you will enter to verify who you are and access your accounts.

You will be prompted to set up MFA up to one hour after you have signed up. 

There are various ways to set up MFA and depending on which one you choose, you will need either a mobile phone, a landline phone or a tablet to use as your verification method.

There are several ways to set up MFA. These are sometimes called verification methods and they include the following:   

1. Verification by a call- set up your landline or mobile to receive a call with a code to enter to verify your details

Set up MFA to receive calls to a phone (External site link to Microsoft)

2. Verification by a SMS or text message - set up a mobile device to receive a text message with a code to enter as the means of verification

Set up MFA to receive text messages to a mobile (External site link to Microsoft) 

3. Verification through the Microsoft Authenticator app - install the app on your mobile phone or tablet and use this to verify your details. 

Instructions to download and install the Microsoft Authenticator app (External site link to Microsoft) 

If you sign up for the service, you will need to choose one of these methods to set up MFA.

Watch Microsoft video 'Registering for Multifactor Authentication' on YouTube to compare methods (3 minutes)

If you like, you can set up MFA using more than of these methods - if you do this you will have an alternative method as a back-up to verify your details in case the first method doesn't work. For example, you could choose to set up MFA using text message verification but also install the Microsoft Authenticator app so that if you can't receive texts due to poor mobile signal, you can verify your details through the app.   

Once you have set up MFA, when you access Outlook and Teams within Office 365, you will be asked to log in as usual. 

You will then be prompted to verify your details using your verification method. Depending on the way you chose to set up MFA, this may be done by entering a code from an SMS message or a phone call or it may be activating a prompt on the Authenticator app on your mobile device.  

You won’t need to do the verification step every time you sign in, but you may be prompted to verify if you change the way you normally access Office 365. For example, if you access your account from a different device or location this may act as a trigger for MFA as this change in behaviour may indicate an attempt to compromise your details.

If you get locked out of your account, you should contact the IS Helpline. IS Helpline will guide you through a process to verify your identity and restore access to your accounts. This process will never involve asking for your passwords or factor details – you should not share these with anyone.

Contact the IS Helpline

If you encounter other problems with MFA, you can refer to our Troubleshooting Guide for MFA: 

Solving common issues with MFA

Yes. You can opt out of the service if you wish to. Just contact the IS Helpline to arrange this.  

Contact the IS Helpline