The information in this article can be downloaded for printing out:

Multi-factor authentication (PDF 1MB)

About multi-factor authentication (MFA)

Multi-factor authentication (MFA) is a security mechanism that requires you to provide two or more pieces of evidence to authenticate your identity. For example, logging in to a website at home may also require you to approve the access via an app on your mobile phone or to enter a code sent to it. This provides an additional layer of security to ensure your account is not compromised.

MFA and Microsoft 365

Access to Microsoft 365 outside of the University network requires a second form of identification using a mobile device. An authenticator app should be downloaded to your mobile phone, or if this is not possible, an authentication code can be sent to you via SMS.

You will need to set up MFA when you first log in to Microsoft 365. After setting it up, make sure your mobile phone is available nearby when you sign in to Microsoft 365 in case you need to reconfirm your identity.

Once MFA is set up on your mobile phone, your ongoing access to Microsoft 365 will be linked to it.

If you lose or replace your phone, you will need to contact AskOtago for assistance:

Tel +64 3 479 7000
Freephone 0800 80 80 98 (within New Zealand)
Email askotago.it@otago.ac.nz

Multi-factor authentication (MFA) methods

During the MFA setup process, Microsoft will ask “How should we contact you?” [to perform MFA checks as you log in]. The two methods used by the University of Otago are:

Mobile app (preferred)

Download the “Microsoft Authenticator” app to your mobile phone. When you sign in to Microsoft 365, Microsoft will request a one-time code from the app or will send the app a “please approve this login” message for you to approve.

Authentication via mobile phone

If you are unable to use the authenticator app, Microsoft can send an SMS (text message) code to your mobile phone for you to enter on the Microsoft 365 login page.

The University’s Cyber Security Team strongly recommends that you use the “Microsoft Authenticator” app on your mobile phone as your MFA method, as it provides the highest level of security for your account and University of Otago data.

The University of Otago recommends the following MFA options in order of preference:

For staff

  1. Microsoft Authenticator on University-owned/personal mobile device.
  2. SMS/phone call to University-owned/personal mobile device.
  3. Authy application installed on your own laptop (i.e. not a shared device).
  4. Token2 Physical Key if none of the above are suitable.

For students

  1. Microsoft Authenticator on University-owned/personal mobile device.
  2. SMS/phone call to University-owned/personal mobile device.
  3. Authy application installed on your own laptop (i.e. not a shared device).

Setting up the Microsoft Authenticator App on an iPhone

  1. Open your App Store, search for Microsoft Authenticator, download it, and open it.

    Screenshot showing Microsoft Authenticator in the App store
  2. When prompted, choose to Allow notifications and tap OK on the screen that mentions data gathering.

    Screenshot showing Authenticator would like to send you notifications message and option to Allow Screenshot of allow data gathering screen during set up of Microsoft Authenticator
  3. Tap the Skip link at the bottom until you get to the screen asking if you are Here for work? On that screen, tap Add work account.

    Screenshot of here for work? screen during Microsoft Authenticator set up

Setting up MFA on campus

Sign in to Microsoft 365 for the first time using your University of Otago email address and password. Then go to the MFA set-up page and follow the instructions:

https://aka.ms/mfasetup

You can also see these instructions from step 9 in the off-campus section below.

The following Microsoft video will guide you through the steps:

How to register for Azure Multi-Factor Authentication

Setting up multi-factor authentication from off-campus/at home

  1. Open a new web browser session with no other tabs running. You don’t need to use the University’s VPN Service to access Microsoft 365 online when you are off-campus. Go to the Microsoft 365 sign in page and click the Sign in button.

    Screenshot of front page of Microsoft 365 with option to Get Microsoft or Sign in

  2. Enter your University of Otago email address, then press the Next button.

    Screenshot showing sign in to Microsoft 365 with your staff email address

  3. If you are presented with a choice of accounts to sign in to (as shown in the screenshot below), select Work or School account.

    Screenshot showing choice of accounts to use with Microsoft 365
  4. Enter your University of Otago username and password, then click Sign in.

    Screenshot of sign in page for ADFS at the University
  5. In the More Information required window, press Next.

    Screenshot of more information required window in Microsoft 365
  6. In Step 1: How should we contact you? use the drop-down option to change it to Mobile App.

    Screenshot of how should we contact you page in Microsoft 365

  7. Select the Use verification code radio button and click Set up.

    Screenshot of additional security verification page in Microsoft 365

  8. This will bring up the Configure mobile app window displaying a QR code. Leave this window open and go to your mobile phone.

    Screenshot of Configure mobile app page with QR code in Microsoft 365

  9. Hold your phone camera over the QR code displayed on your computer to scan it.

    Scanning QR code on your phone
     
  10. The mobile app setup is now complete, so click the Next button on your computer.

    Screenshot of additional security verification in Microsoft 365 - moving on with setup
  11. Add your mobile phone number as a back-up and click Finished.

    Screenshot of adding your mobile phone number in Microsoft 365
  12. You will be prompted to sign in to Microsoft 365 again. (Note that there is a link allowing you to Sign in another way. This can be used to send you an SMS if you have difficulty with the authenticator.)

    Screenshot of approve sign-in request in Microsoft 365
  13. Signing in will send a notification to your phone. Approve this on your phone. (Remember that your phone needs mobile data or Wi-Fi switched on and notifications enabled for the Microsoft Authenticator app so that it can receive the notification).

    Screenshot of approving your sign-in on Microsoft Authenticator
  14. You can also tick the box on the prompt to stay signed in while your computer is on.

    Screenshot of Stay signed in? window in Microsoft 365
  15. You will see a page showing that you have set up all the security features. You can close this tab and return to Microsoft 365.

    Screenshot showing confirmation of security features page in Microsoft 365

Updating your preferred MFA verification method

If you have previously set up MFA to send an SMS for verification, and now want to change your preferred verification method to use the Microsoft Authenticator app, go to the MFA setup page: https://aka.ms/mfasetup

Click on the Sign in another way link and follow the instructions above to set up the Microsoft Authenticator app as your preferred verification method.

Resetting your MFA configuration

If you experience any issues with your installed MFA and need to start again, please contact AskOtago for assistance:

Freephone 0800 80 80 98 (within New Zealand)
Tel +64 3 479 7000
Email askotago.it@otago.ac.nz

Last updated 09/08/2021 02.20 PM

Did this answer your question?