Quick guide to Multi-Factor Authentication for accounts accessing Microsoft Office services online, including Oracle Finance & MyHub.
Multi-factor authentication (‘MFA’) helps secure your University account and data from attackers. MFA adds an additional layer of security (something you have, e.g. a mobile phone) to your account to ensure that it’s you using your account.
Initially, IT Services will just be implementing MFA on access to Office 365, Oracle Finance & HyHub systems. The system keeps a history of your usage so if you attempt to access these services from an unfamiliar location or device, you may be prompted for MFA or be asked to change your password, depending on the perceived risk. Whilst using a University device at work, you should not be prompted for MFA, as IT Services have enhanced the security of these devices.
MFA works best by using a mobile phone as this is something most people normally carry with them. Please consider using your personal and desk phone when setting up MFA on your account if the event of your primary method of access is unavailable. If none of these options are suitable, IT Services can provide physical tokens (like credit cards / key fob).
Even with MFA enabled, please check addresses of web sites used to enter your account details. Malicious people are making copies for website that look very familiar to try and dupe people.
Remember that we will never send an email containing a link asking you to alter or verify your personal details so if you receive one please take advice before doing anything with it. Contact the sender (not by email), or get in touch with IT Services: ring 01332-591234, email email@example.com or follow the "IT Service Centre" link under "Resources@Derby" on the StaffID home page.
What changes will I see?
When visiting a website secured by your University ID, you may get message to verify your account after you have entered your password.
This will give you a range of options you have setup to do this:
The system will confirm it has sent a request:
1. Upon MFA being enabled on your account, you will see this message when visiting the links at the top of Staff iD (Office 365, One Drive, Mail, Profile) or by directly going to sites such as office.com:
2. Clicking ‘Next’ will allow you setup the first authentication method.
This can be completed either with an automated phone call where you will be asked to press the # button, or a text message, which will contain a six-digit code.
3. Click ‘next’ on text message allows you to enter the code received:
4. Once complete you will be presented with this page. Once you have set up a first (‘primary’) authentication method, it’s best to
setup additional methods to allow multiple options to access your account in case, for example, if you leave your primary phone at home.
5. To setup additional authentication methods, visit https://account.activedirectory.windowsazure.com click on your name and then your profile.
We strongly recommend that you do this so that you are not locked out of your account at an unfortunate time, eg when travelling abroad:
6. From the profile page, click on ‘additional security verification’ (You can also administer your settings for self-service password resets on this page).
7. Once here, please setup as many options as you can.
IT Services recommend using the Microsoft ‘Authenticator’ app on your mobile phone. You can do this by clicking on the ‘Set up Authenticator app’ button.
Although there are other authenticator apps available, you will need to use the Microsoft ‘Authenticator App’. For more information visit
Once setup, you can change this to be the default option, which allows authorisation with a click of a button.
• Add a link to Staff iD to allow easy access to the profile page: https://account.activedirectory.windowsazure.com