Services

Aalto Multifactor Authentication on Office 365 accounts

Multifactor Authentication (MFA) is a method of confirming user’s identity with two or more pieces of evidence when signing on to a system or a service.

Users can enhance security of Aalto Office 365 accounts by registering for multifactor authentication service. More information about multifactor authentication service can be found below.

Multifactor Authentication – What it is?

Multifactor Authentication (MFA) is a method of confirming user’s identity with two or more pieces of evidence when signing on to a system or a service.

MFA services use two or more authentication methods mentioned below:

  • Something you know (typically a password).
  • Something you have (a trusted device that is not easily duplicated, like a phone).
  • Something you are (biometrics).

Why Multifactor Authentication?

  • MFA brings an additional layer of security to your user account.

In addition to the username and password, the attacker would need access to the extra authentication method you’ve defined.

  • MFA is already in use at organizations around the world and can be considered a standard.

How to take MFA into use?

Register for the multifactor authentication service. You can do it on either mobile or your workstation.      

Mobile      

  • Download and install Microsoft Authenticator app from your mobile store. (remember to accept notifications sent by the app!).

Mobile/Workstation

  • Go to https://aka.ms/mfasetup for MFA.
  • Sign in with your Aalto email address.
  • Follow the instructions on the screen. 

NOTE! When MFA registration is mandatory for your organisation, you can postpone the registration for 14 days, if you are not able to do the registration at that very moment. 

Animation of the screens on the multifactor authentication process

Detailed instructions

After signing in to https://aka.ms/mfasetup with your Aalto email address you are prompted to download the Microsoft Authenticator app.

If you have already downloaded the app, you can just click/tap "Next". If not, download the app. Proceed to next page.

  1. In the application: Add a new account and choose "Work or school account".
  2. In the registration screen: Proceed to the next page.
  3. Scan the QR Code on the screen with the application, or, on mobile, tap on "Pair your account to the app by clicking this link."
  4. Proceed to the next page.
  5. Approve the notification that is sent to test the connection. 
  6. Once approved you'll see a text "Notification approved" on the screen. Proceed to the next page.
  7. All set (almost)! Click Done. In the opening Security info view, we strongly recommend that you add an additional authentication method, e.g. a SMS code authentication. This is critical in case you e.g. change phones or lose your phone.

NOTE! MFA is ENABLED into use approximately 2 hours after the registration.

How to use the multifactor authentication

MFA is in use only outside of the Aalto network when signing into Office 365 services.

1) In addition to regular signing in, additional approval is asked you.

2) Office 365 service will send a notification to your registered Authenticator app for approval.

3) Once you have approved authentication you are signed into service/application.

Step by step instructions on how to use MFA service

 

Optional ways to use MFA

If you for some reason cannot use the preferred method (the Authenticator app and its notifications), here are the two optional ways to use the MFA service:

  1. SMS (text message) verification
  2. Verification code from mobile app, works without mobile network

1. SMS (text message) verification

If you already have your phone number in the system, you will see the following screen, and receive a text message to the registered number to verify it is you:

MFA_optional_way_SMS_more_information_required
MFA_optional_way_SMS_setup_different_method

 

 

If you don’t have your phone number registered, you’ll see this screen. Select I want to set up a different method.

MFA_optional_way_SMS_setup_different_method_1-4

1. Select I want to set up a different method.

2. Select Phone.

3. Confirm.

4. Add your phone number and select Text me a code.

MFA_optional_way_SMS_setup_different_method_5-8

5. You will receive a code in the number you chose. You can also ask to resend the code.

6. Add the code you received.

7. This view confirms if you’ve added the matching code.

8. To finish the process, click Done.

2. Verification code from mobile app (works without mobile network)

If you haven't already done it, start by registering your account to the Authenticator app as instructed in the chapter How to take MFA into use? Once done, follow these steps when signing in with MFA:

MFA_Verification_code_from_mobile_app

1. When receiving the prompt to use MFA, select Sign in another way.

2. From the opening view, select Use a verification code from my mobile app. Open the Authenticator app, and you should see the Accounts view.

3. Copy the code from the Aalto University account (has your email address mentioned alongside the account) and enter it here.

4. You're signed in. If you want to receive fewer sign-in prompts, you can select Yes here. Now you're directed to wherever you were signing in.

FAQ - Frequently Asked Questions

How I sign in if I lose my phone?

  • MFA is active when signing in from outside of Aalto Network. If you use VPN or sign in a Aalto network you are not required to sign in with MFA. If you do not recover your phone please send ticket to Aalto IT Service Desk.

Can I use multiple phones?

  • Yes MFA supports registration of multiple phones.

Is MFA signing required when I use Office 365 apps/browser with my mobile phone?

  • Yes, mobile phones apps support also MFA.

Where my phone number or email address are stored when I register?

  • They are stored in the Aalto tenant. The registration details are only visible to the Aalto Office 365 admins. 

Can I Opt-out from MFA ?

  • MFA will be required for Office 365 services in the future and you can't opt out. Currently if you have tested it and would want to opt out until MFA is mandatory, you can do so by requesting it via a ticket to Aalto IT Service Desk.

 

User feedback of MFA is more than welcome. You can provide feedback to following link

This service is provided by:

IT Services

Did you find what you were looking for? If not, please contact us.
  • Published:
  • Updated:
Share
URL copied!