Multi-Factor Authentication (MFA)
The ICT Service has introduced Multi-Factor Authentication (MFA) and an improved Self-Reset Password Portal (SRPP) to all its members.
Here below you may find the step by step procedure on how to setup MFA methods and how to login to your EUI email (and related Office 365 apps like OneDrive, SharePoint and Teams) as well as VPN via MFA.
To complete the setup of the Multi-Factor Authentication, ALL these steps need to be done:
- Define your preferred authentication method(s): THIS GUIDE
- Update your Operating System and Email Client
- Reconfigure your Email Client
- Restart your computer (not just your Email client)
- Congratulations: YOU ARE ALL SET!
Follow the below steps to setup your preferred Multi-Factor Authentication method. The method(s) you choose will thereafter be available to sign into your EUI Email (whether Outlook or Webmail), Office 365 environment (including OneDrive for Business, SharePoint, Teams, etc.) and VPN.
Additionally, the method(s) you choose will be shared for Password Recovery as well!
- Open your preferred browser and follow this link:
https://aka.ms/MySecurityInfo
- Login using your EUI email address and password
- If you are shown the Security info page, proceed with the next step, else click on Security info in the left menu:
Figure 1: Security info menu item
- Click on + Add method
- Choose an authentication method from the drop-down among those available (for a full outline of each method, see Authentication Methods further below):
Figure 2: Choosing an authentication method to configure
- You need to define at least one authentication method, but it is strongly suggested to setup additional ones in case the first one cannot be used for any reason.
All authentication methods are shared with the
Self-Reset Password Portal, allowing you to reset a forgotten password by using the same options you configured for the MFA!
- For each method you setup, you will immediately be asked to verify it by either inserting the code you receive (e.g. by SMS text or email) or by answering to the phone call (see Authentication Methods further below for details):
Figure 3: Verifying the newly introduced authentication method
- Once you have configured at least one authentication method, it will show up next to Default sign-in method: you can click any time on Change in order to choose your preferred method from the drop-down menu (as long as you have configured at least two methods):
Figure 4: Selecting a default sign-in (login) method
You are all set both for MFA as well as Password Recovery!
ICT Service strongly suggests to pick more than one of the below methods just in case your preferred one cannot be used for any reason!
Microsoft Authenticator App
Use a FREE App which constantly generates One-Time Codes even while offline (no internet connection needed!). Each code is valid for 30 seconds before expiring, after which a newly generated one has to be used.
To access, enter the 6 digit code generated by the App (for example, 123456) in the login screen (see Autheticating via MFA further below for details).
The Microsoft Authenticator app is available on Android, iOS as well as Microsoft devices. It needs to be installed on your mobile and linked to your EUI account first: see Installing and Setting Up Microsoft Authenticator for step-by-step instructions).
Phone
A mobile number to be called to or where a text (SMS) message can be sent to:
If you choose to receive a call, you will have to listen to a recorded message (in English): if you approve the login, press the # key on your phone when asked to [1].
If you choose to receive a text (SMS) message, a 6 digit One-Time Code will be sent to you, similar to the following:
"123456 Use this code for Microsoft verification"
To access, enter the 6 digit pin (in the above example, 123456) in the login screen (see Autheticating via MFA for details).
Alternate phone
An alternate mobile or fixed number which can only be called to:
You will have to listen to a recorded message (in English): if you want to confirm the access, press the # key on your phone when asked to [1].
Office phone
Your EUI office phone, if any. This field will already be populated by the system if you have an EUI office extension assigned to you by your Unit of affiliation.
You will have to listen to a recorded message (in English): to access, press the # key on your phone when asked to.
Please note the office phone can not be defined as default authentication method!
Email
An alternate (non-EUI) email address: this option can be used to reset a forgotten password ONLY (see Reset Password via MFA for further details)!
Anytime you can add, remove, update or set an existing method as default one except for the Office phone, which is always enabled and updated automatically based on information available on the EUI Directory.
- Open your preferred browser and follow this link:
https://aka.ms/MySecurityInfo
- Login using your EUI email address and password
- If you are shown the Security info page, proceed with the next step, else click on Security info in the left menu:
Figure 5: Security info menu item
- Change or remove any option by clicking on Change or Delete next to each method:
Figure 6: Changing or deleting an authentication method
- Add a new method by clicking on + Add method
Figure 7: Adding an authentication method
- Change the Default sign-in method by clicking Change next to it and selecting any already configured one from the drop-down menu:
Figure 8: Selecting a default sign-in (login) method
Your first experience signing in via Multi-Factor Authentication will slightly differ depending on whether you have already setup MFA methods or not:
If you try to sign in into Outlook, Webmail, Office 365 environment (including SharePoint and PowerBI), Skype for Business, OneDrive for Business before having setup any MFA method, after inputting your EUI credentials you will immediately be prompted to configure MFA:
Figure 9: Mandatory MFA configuration
If this is the case, we strongly suggest to Close your browser or App (that is, to NOT follow on-screen instructions/do NOT click on Next!) and instead follow our guide for Setting Up Authentication Methods further above, as it allows you to setup several methods and choose your preferred one amongst them.
If you happen to follow on-screen instructions (that is, click on Next instead) you will be initially allowed to configure a mobile phone only!
However, you will still be able to add and change your preferred method at a later stage, as described here.
If you try to sign in into Outlook, Webmail, Office 365 environment, Skype for Business, OneDrive for Business or SharePoint having already setup MFA methods, after inputting your EUI credentials you will immediately be prompted to provide a second means of authentication.
For example if you configured to be sent a SMS text you would be prompted for the following:
Figure 10: Requesting an additional means of authentication
In the above example, check your mobile phone for an incoming SMS text from Microsoft and insert the 6 digit code it contains, followed by click on Verify to complete your sign in.
If you configured other authentication methods, check out how you should interact as detailed in Authentication Methods.
If, for any reason, your preferred authentication method is unavailable (e.g. battery of your mobile exhausted, mobile forgotten or lost, etc.), do not despair! As long as you have set additional methods, at the verification screen just click on "Sign in another way" and choose any of the available alternative options:
Figure 11: Authenticate via another method
- For support in setting up MFA or in authenticating via MFA on EUI office computers and/or EUI service laptops, mobiles and tablets, please contact the EUI Helpdesk;
- For support in setting up MFA or in authenticating via MFA on personally-owned computers and devices, please contact Portable Device Support.
- If your main authenticaton method is unavailable and you did not configure any alternative one, please contact the EUI Helpdesk!
- For frequent answers and questions, please check the dedicated FAQ section.
- For any further question, contact the EUI Helpdesk.
= Depending on the language of your webmaill, the message may state to press either the £ (pound) key or the # (hash) key. In any case the key to be pressed is always the # (hash) key!
Page last updated on 16 March 2023