Multi-factor-authentication

Multi-Factor Authentication (MFA) is another level of protection to your account on top of your password. This can be a notification sent to a personal device to confirm it is in fact yourself logging in. The College uses MFA when logging in to Office 365 applications.

Why Use MFA?

MFA adds an extra layer of protection to your account. This means if your account is compromised and your details are shared, it will be even more difficult to gain access to the account. This protects yourself and the College’s data.

Configuring MFA

After MFA has been enabled on your account you will need to configure the options that best suit you the first time you logon to Office 365. MFA requires you to use a personal device that you will have on-hand with you; we recommend you download the Microsoft Authenticator app to your phone. Use the below instructions to set up MFA on your account.

On your phone, visit the App Store (iPhone) or Play Store (Android) to download and install the Microsoft Authenticator app. Ensure that you allow it to use your camera and send notifications when it prompts you.
On your computer, go to your MySign-Ins Microsoft account page
Click Add method.
On the Add a method window, ensure Authenticator app is selected from the list, and click Add.
On the Start by getting the app window, click Next.
On the Set up your account window, click Next.
On your phone, open the Authenticator app. If you’re asked for an unlock code, that’s your phone’s PIN (it may alternatively require your fingerprint or retina scan if you’ve set up either of those methods on your phone).
Click the menu button (three dots) and then Add account.
Click Work or school account.
Click Scan a QR code. If the app asks for permission to use your camera, click Allow.
The app should then open a QR code scanner. Point your camera at the QR code on your computer screen.
Click Next on the computer.
Click Enable phone sign-in or Approve on your phone. You may also need to unlock the app using your phone’s PIN, your fingerprint or retina scan.
Click Next on your computer.
Click Set default sign-in method, or Change if there’s already one set.
Select Microsoft Authenticator – notification from the list, and click Confirm.

In case you are unable to access your mobile phone for some reason (e.g. your phone has run out of battery or you have lost your phone), make sure you set up a secondary method. Learn how to set up a secondary method from the FAQs below.

The Microsoft help web pages also offer in-depth instructions on how to use Microsoft Authenticator with Microsoft 365.

Frequently asked questions

Who can use MFA?

Do I have to use MFA each time I login?

For most applications that people connect to they will have the option to trust this device for 30 days and will therefore not be constantly prompted to MFA. However, some systems require additional security and therefore will prompt every time.

Does MFA work in my country?

The MFA service we are using is provided by Microsoft – so if Office365 (email, teams, SharePoint etc.) is available in your country, so should the authentication service. Find out more about Microsoft’s availability regions.

MFA does work in China, however, there are some limitations if you are using the Android App as not all Google Services are available in China – Find out more.

Does MFA work over Wi-Fi?

Yes, the Microsoft Authenticator App works on both Wi-Fi and mobile connections.

How do I add a second multi factor method?

Please go to Microsoft Sign-ins security page
Select “Add method” at the top of the options box.
You can then choose from a selection of methods.
see screen shot below for guidance:

How do I set a default second multi factor method?

Please go to Microsoft Sign-ins security page
Select “Change” next to “Default sign-in method: Microsoft Authenticator – notification Change”
Change default method to “Microsoft Authenticator – notification“.
see screen shot below for guidance:

I can't add MFA to my iOS mail client?

Please delete your existing College account from your iOS mail client and start again.

I use my phone to check my emails, will MFA affect this?

Most email applications provide support for MFA so users will be prompted to MFA every 30 days.

Linux users: Thunderbird v78 or higher supports MFA.

Apple users: iOS 11, iPadOS 13.1 and macOS 10.14 and above native mail client supports MFA.

Some older email clients don’t support MFA. Please check the vendor’s website to see if they support modern authentication.

Is MFA a College requirement?

Is there an alternative to using a phone?

Need to contact ICT?

Please use the information buttons below to contact the ICT team.