Multi-Factor Authentication (Azure)
Multi-Factor Authentication (MFA) helps protect your account from unauthorised access by preventing someone from logging in solely with a username and password.
Effective account security requires at least two of the following:
- Something you know (e.g. password, PIN)
- Something you have (e.g. physical key, time-based code)
- Something you are (e.g. fingerprint, facial recognition)
Cyber attacks are often prevented by MFA as attackers will only have a single factor of authentication, usually a password which is something you know.
What is protected by MFA?
You will need to use MFA when you log into Microsoft 365 and some other services protected by your Microsoft 365 login, such as VPN.
You may already use a similar app when logging into other applications and services such as MYOB, Xero and many online banking services.
How often do you need to complete MFA?
MFA is required at different intervals depending on the application or service. Microsoft 365 services (including Outlook, OneDrive and SharePoint) will only require you to complete MFA the first time you sign into it on a device and every 180 days after that. Some other services, such as VPN, will require MFA each day you log in as they are of higher risk.
Microsoft Authenticator
The Microsoft Authenticator app gets installed on your mobile phone and provides MFA for Microsoft 365. When you are required to provide an extra factor of authentication, you can either:
- Approve a notification sent to your phone
- Enter a short, numeric code from the app on your phone
The app will also be required if you need to reset your Microsoft 365 or computer login password.
Setting up Microsoft Authenticator for MFA
Download the app on your phone
Open the App Store (on iPhone) or Google Play (on Android, e.g. Google, Samsung) and download the Microsoft Authenticator app.
If you can't find the app, click on the button or scan the QR code applicable to your phone below.
|
|
|
|
Register your account
You must complete the MFA registration process on a computer located in your office. If you are working remotely, you should remote into your work computer and perform the steps.
Register your account by going to https://aka.ms/mfasetup and follow the steps. You will be required to provide two forms of authentication:
- Microsoft Authenticator app
- Mobile number
These authentication methods will also allow you to reset your own password if you forget it in the future.
If you need help with the registration process, please see the video below.
If you are experiencing issues with the registration process, please contact the Private Universe Helpdesk.
How to use MFA
MFA will be required when a Microsoft 365 sign-in is required. The login page will look similar to this:
Enter your email address and work computer password as normal. You will then be asked to approve a sign-in request from the Microsoft Authenticator app on your mobile:
Your phone should receive a notification from the Microsoft Authenticator app. Tap on the notification and approve the request when prompted. It should look like this:
Do not approve the request if you are not trying to sign into something.
Deny the request and report it as fraud so we can investigate.
If you are located in China and use an Android phone (e.g. Samsung, Huawei, Xiaomi), you will not receive a notification when signing in. You will have to manually open the Microsoft Authenticator app and either approve the sign-in request or enter the 6-digit code you see after tapping on your account.
After approving the sign-in request on your mobile phone, your computer should then let you into the application you're signing into.
Apple, the Apple logo, iPhone, and iPad are trademarks of Apple Inc., registered in the U.S. and other countries and regions. App Store is a service mark of Apple Inc. Google Play and the Google Play logo are trademarks of Google LLC.