The information in this article can be downloaded for printing out:
About multi-factor authentication (MFA)
Multi-factor authentication (MFA) is a security mechanism that requires you to provide two or more pieces of evidence to authenticate your identity. For example, logging in to a website at home may also require you to approve the access via an app on your mobile phone or to enter a code sent to it. This provides an additional layer of security to ensure your account is not compromised.
MFA and Office 365
Access to Office 365 outside of the University network requires a second form of identification using a mobile device. An authenticator app should be downloaded to your mobile phone, or if this is not possible, an authentication code can be sent to you via SMS.
You will need to set up MFA when you first log in to Office 365. After setting it up, make sure your mobile phone is available nearby when you sign in to Office 365 in case you need to reconfirm your identity.
Once MFA is set up on your mobile phone, your ongoing access to Office 365 will be linked to it.
If you lose or replace your phone, you will need to contact AskOtago for assistance: Tel +64 3 479 7000 or 0800 80 80 98 Email email@example.com
- Multi-factor authentication (MFA) methods
- Setting up the Microsoft Authenticator app on an iPhone
- Setting up MFA on campus
- Setting up MFA off-campus/at home
- Updating your preferred MFA method
- Resetting your MFA configuration
During the MFA setup process, Microsoft will ask “How should we contact you?” [to perform MFA checks as you log in]. The two methods used by the University of Otago are:
Mobile app (preferred): Download the “Microsoft Authenticator” app to your mobile phone. When you sign in to Office 365, Microsoft will request a one-time code from the app or will send the app a “please approve this login” message for you to approve.
Authentication via mobile phone: If you are unable to use the authenticator app, Microsoft can send an SMS (TXT) code to your mobile phone for you to enter on the Office 365 login page.
The University’s Cyber Security Team strongly recommends that you use the “Microsoft Authenticator” app on your mobile phone as your MFA method, as it provides the highest level of security for your account and University of Otago data.
The University of Otago recommends the following MFA options in order of preference:
|Microsoft Authenticator on University-owned/personal mobile device||Microsoft Authenticator on University-owned/personal mobile device|
|SMS/phone call to University-owned/personal mobile device||SMS/phone call to University-owned/personal mobile device|
|Authy application installed on your own laptop (i.e. not a shared device)||Authy application installed on your own laptop (i.e. not a shared device)|
|Token2 Physical Key if none of the above are suitable|
- Open your App Store, search for Microsoft Authenticator, download it, and open it.
- When prompted, choose to Allow notifications and tap OK on the screen that mentions data gathering.
- Tap the Skip link at the bottom until you get to the screen asking if you are Here for work? On that screen, tap Add work account.
Sign in to Office 365 for the first time using your University of Otago email address and password. Then go to the MFA set-up page and follow the instructions:
You can also see these instructions from step 9 in the off-campus section below.
The following Microsoft video will guide you through the steps:
- Open a new web browser session with no other tabs running. You don’t need to use the University’s VPN Service to access Office 365 online when you are off-campus. Go to the Office 365 sign in page and click the Sign in button.
- Enter your University of Otago email address, then press the Next button.
- If you are presented with a choice of accounts to sign in to (as shown here), select Work or School account.
- Enter your University of Otago username and password, then click Sign in.
- In the More Information required window, press Next.
- In Step 1: How should we contact you? use the drop-down option to change it to Mobile App.
- Select the Use verification code radio button and click Set up.
- This will bring up the Configure mobile app window displaying a QR code. Leave this window open and go to your mobile phone.
- Hold your phone camera over the QR code displayed on your computer to scan it.
- The mobile app setup is now complete, so click the Next button on your computer.
- Add your mobile phone number as a back-up and click Finished.
- You will be prompted to sign in to Office 365 again. (Note that there is a link allowing you to Sign in another way. This can be used to send you an SMS if you have difficulty with the authenticator.)
- Signing in will send a notification to your phone. Approve this on your phone. (Remember that your phone needs mobile data or Wi-Fi switched on and notifications enabled for the Microsoft Authenticator app so that it can receive the notification).
- You can also tick the box on the prompt to stay signed in while your computer is on.
- You will see a page showing that you have set up all the security features. You can close this tab and return to Office 365.
If you have previously set up MFA to send an SMS for verification, and now want to change your preferred verification method to use the Microsoft Authenticator app, go to the MFA setup page: https://aka.ms/mfasetup
Click on the Sign in another way link and follow the instructions above to set up the Microsoft Authenticator app as your preferred verification method.
If you experience any issues with your installed MFA and need to start again, please contact AskOtago for assistance:
Tel +64 3 479 7000 or 0800 80 80 98