Multi-Factor Authentication
Multi-Factor Authentication (MFA) increases the security of access to services by requiring multiple forms of verification.
What is MFA and when to use it?
MFA is used for extra security in addition to your university password. MFA is required to approve access to a number of services (such as Microsoft 365, VPN, Virtual desktop and Remote desktop).
How do I set up MFA?
If you haven’t used MFA recently, we would recommend you check your chosen MFA settings - you can view and change these at any point.
In order to set up Multi-Factor Authentication (MFA), you will need:
- A computer, such as desktop/laptop PC or Macbook, which will be used to set up your MFA account
- A mobile device (mobile phone or tablet/iPad), which will be used to approve access
- Your university login details
There are a variety of ways to approve authentication. This will depend on the device you have and your preferred method, as listed below:
Authentication methods
| Method | Description |
|---|
| Microsoft Authenticator app |
This is the recommended method as it offers the best experience if using a smartphone. It can be used for push notifications or verification code. |
| Verification code |
This method can be used with the Microsoft app or other apps that can be installed on laptop or desktop PCs and doesn’t require internet. Use this method if you don't have a phone. |
| Text message |
This is a simple method, however it does require mobile phone signal to receive an SMS text. An alternative for those with no smartphone. |
Watch our video instructions to set up the Microsoft Authenticator app.
If you use the Microsoft Authenticator app, you may see a number on-screen when logging into a system that requires MFA approval. Simply enter that number into the Microsoft Authenticator app to log in. If you have configured your device to opt-in to phone sign-in, as outlined in Part 3 of setting up the Authenticator app, you will no longer need to enter your password.
Microsoft introduced number matching to help eradicate the risk of accidental MFA approval should your account be targeted by criminals.
Need help?
Check our FAQs for some common questions asked. If you need help with the MFA set up instructions or have questions about the approval methods, you can ask our IT support teams. Find out more here:
Help and support
Instructions to set up MFA
Follow the instructions below for your preferred authentication method.
Approve access via Microsoft Authenticator app
Notify me though the Microsoft app
Follow the steps below in Part 1 and Part 2. You can also watch a video of these steps on MediaSpace.
Part 1 - Install Microsoft Authenticator from your app store (on your mobile device)
We recommend the 'Microsoft Authenticator' app because it is the only authenticator application that supports push notifications, which are required by some services and offers the best experience.
You may first need to set up an account on the relevant app store in order to download the app.
Download and learn more on the Microsoft website.
Part 2 - Configure MFA (on your computer and mobile device)
Once the 'Microsoft Authenticator' app is installed on your mobile device, visit the MFA configuration page, by clicking the below button, on your computer and then follow the steps below:
Configure MFA
- You will need to login using your university email address and password. If you haven't set up MFA previously, you will then be prompted with the message "More information required".
- Click 'Next'. This will take you directly to the Microsoft My Sign-Ins webpage where you will be asked to download the Microsoft Authenticator app (as per Part 1), once installed, click 'Next'.
- Open the Microsoft Authenticator app on your mobile device, if prompted, allow notifications. Then select 'Add account (+)' on the Accounts screen and select 'Work or school account'.
- Then select the 'Scan QR code' option.
Note: You may be prompted to allow the app to access the camera on your mobile device. Please choose allow (or similar). If your camera isn't working properly, you can enter the QR code and URL manually.
- On your computer, click 'Next', a QR code will be displayed on-screen, scan it with the app and click 'Next'.
- An approval notification will be sent to your mobile device, approve this by entering the number shown on-screen into the app and select 'Yes'.
- Once approved, click 'Next'. This completes the set up, click 'Done' to finish.
Top tip: when using MFA to approve sign in requests, we recommend having the app open and ready.
Part 3 - Enable phone sign-in (recommended action)
What is phone sign-in?
Phone sign-in is a Microsoft feature that allows users to authenticate MFA requests using their smartphone alone – no password is required.
What is the benefit of enabling phone sign-in?
Passwords are a primary target for cybercrime. Phone sign-in helps to mitigate this risk as you will not need to remember passwords or worry about others stealing them. Phone sign-in makes logging into systems quicker and more secure.
What steps do I need to follow to start using phone sign-in?
In order to start using phone sign-in, you must follow the steps below. You can complete these steps now.
- Open the Microsoft Authenticator app on your phone (or install it if you haven’t already)
- Your email address is displayed – click on it
- Select ‘Set up phone sign-in’
- Follow the instructions in the app to finish registering your account for phone sign-in
If you use the Microsoft Authenticator app on more than one phone, you will also need to follow the above steps on your other phone(s).
What will I see when logging into a system that requires MFA?
Once you have enabled phone sign-in, the next time you log onto a system that requires MFA, such as Microsoft 365, you will be prompted to enter your password as usual. After doing so, you should then see an option saying ‘Use app instead’ - click on this to start using phone sign-in.
You may see a page saying ‘Request has not been sent’ in place of a number. This simply means there is a pending authentication that has not been approved/ denied within the app. You will need to open and approve or deny the authentication.
If you do not currently use the Microsoft Authenticator app to log into systems, you will experience no change and you will be able to log into your systems as usual.
What if I don’t follow the steps above?
We strongly recommended you enable phone sign-in on your phone. It is more secure, and you will no longer need to enter your password into systems that use MFA.
If you do not enable phone sign-in, you will need to enter your email address and password into systems, followed by the number matching element in the Microsoft Authenticator app.
If you have any questions, please contact the IT Service Desk in the first instance.
Approve access via a verification code
Use verification code from app or token
Using the verification code method, you can set up an app of your choice on a mobile device or laptop / desktop computer.
You may first need to set up an account on the relevant app store in order to download the app.
Part 1 - Install an authenticator app (on your mobile or computer)
Choose an authenticator app, here are some suggestions:
There are other apps available. Part 2 gives generic instructions for setting up the verification code method. However, we have more detailed guides on Workspace for Authy and WinAuth.
Part 2 - Configure MFA (on your computer and authenticator device)
Once the authenticator app of your choice is installed on your mobile device or computer (laptop / desktop), visit the MFA configuration page, by clicking the Configure MFA button, on your computer and then follow the steps below.
Configure MFA
Generic instructions
- You will need to login using your university email address and password. If you haven't set up MFA previously, you will then be prompted with the message "More information required".
- Click 'Next'. This will take you directly to the Microsoft My Sign-Ins webpage where you will be asked to download the Microsoft Authenticator app (this is the recommended option).
- If you cannot use this app or wish to use an alternative authenticator, click 'I want to use a different authenticator app'.
- In the menu that appears, click the 'Authenticator app' option in the list.
- Click 'Confirm'.
- Now open your chosen authenticator app on your mobile or computer and select Add / Add Account.
- Click 'Next' on the computer and a QR code will be displayed.
- Using your authenticator app, scan the QR code.
Note, if you cannot use a camera to scan the code, click the 'Can't scan image?' button. This will display the Account name and Secret key text, use this information to set up the authenticator app.
- Once scanned QR code or entered the Secret key, click 'Next'.
- Now enter the six-digit code shown in the authenticator and click 'Next'.
- This completes the set up, click 'Done' to finish.
- We recommend you set up another method of approval, for example phone or email - you can do this anytime by signing into the Microsoft My Sign-ins page.
Finally, sign into portal.office.com to access your university Microsoft 365 account. Enter the six-digit code displayed in the authenticator app on your device and click 'Verify' to sign in.
Top tip: when using MFA to approve sign in requests, we recommend having the app open and ready.
Approve access via text message
Text code to your authentication phone number
Before you start, have your mobile phone ready and in range of signal to receive text messages.
Note: Users with a Chinese mobile phone number should not use this authentication method. Please use the Microsoft Authenticator app or Verification code as an alternative.
When ready, visit the MFA configuration page by clicking the below button on your computer and then follow the steps.
Configure MFA
- You will need to login using your university email address and password. If you haven't set up MFA previously, you will then be prompted with the message "More information required".
- Click 'Next'. This will take you directly to the Microsoft My Sign-Ins webpage where you will be asked to download the Microsoft Authenticator app (this is the recommended option) - if you cannot use this app, click 'I want to set up a different method'.
- In the menu that appears, click the 'Phone' option in the list.
- Then click 'Confirm'.
- Now choose your phone country code (e.g., +44 for UK) and enter your phone number.
- Then click 'Next'.
- Now enter the 6 digit code sent to your phone and click 'Next'.
- You will then have a message saying "SMS verified. Your phone was registered successfully.".
- Click 'Next'.
- You will then be asked to download the Microsoft Authenticator app - if you cannot use this app, click 'I want to set up a different method'.
- From the menu select another option, for example 'Email' and click 'Next'.
- Now enter a secondary email address and click 'Next'.
- Now enter the code sent to your email and click 'Next'.
- This completes the set up, click 'Done' to finish.
Finally, sign into portal.office.com to access your university Microsoft 365 account. You will be sent a verification code to your phone. Enter the code and click 'Verify' to sign in.
Top tip: when using MFA to approve sign in requests, we recommend having your mobile phone ready.
Frequently Asked Questions
Below are some common questions that may help you. Click on a question to show the answer.
I don’t have a smartphone, which option should I choose?
If you have a SIM enabled mobile phone, then
text message is a good option providing you have network signal. You can also use
verification code as a second authentication method and vice versa. We recommend adding a phone number regardless as this can be used as a backup approval method.
I don’t have a mobile phone. How should I authenticate?
Users with no phone can use
verification code on a desktop app on a laptop / desktop PC. There are options for both Windows and macOS. We have some instructions for Authy (supports most operating systems) and WinAuth (for Windows).
I cannot use my chosen authentication device right now. What should I do?
If you are prompted for authentication and you cannot use your default authentication method, you may have an option to use an alternative method as described below:
- You should get an option if you have added your mobile number or set up another app. For example, Microsoft will display a link saying "I can't use my Microsoft Authenticator app right now".
- The wording might be different depending on your chosen authentication method. When you click the link, you would be shown some alternative methods to verify your identity, e.g. verification code or text message.
If you cannot update your settings to approve authentication then you may need to request that MFA is reset on your account. For reset requests, please contact the IT Service Desk (staff or students) or the Smart Bar (students only).
I use Microsoft PowerAutomate (Flow). Will this be affected?
Users with any PowerAutomate Flows set up may need to access PowerAutomate and confirm who you are via the new MFA process. Instructions can be found on
SharePoint.
For further FAQs, visit the Securing 365 SharePoint site.
Self Service requests
Related services