Multi-Factor Authentication FAQs

What Is Multi-Factor Authentication?

MFA strengthens security by adding an extra layer of protection on top of your University username and password. It works by requiring an extra step to prove you are who you say you are when accessing some online services. This may be a mobile app notification or a code to your phone.

Why is the University using MFA?

MFA helps protect to protect your personal data and the confidential data of the University. It provides an extra security step, similar to online banking.

Can I opt-out of setting up MFA?

No, all colleagues and students are required to register for MFA.

Do I need to keep the Microsoft Authenticator app after the first set up?

Yes. You must keep the Microsoft Authenticator app as you will need to use it to approve/authenticate when you sign into some University applications when off-campus or on the eduroam network.

When can I register?

You can register now at https://aka.ms/mfasetup, log in using userid@newcastle.ac.uk

It's best to use a separate phone and laptop/tablet whilst following the setup process. 

How often will I be challenged?

You can be challenged at any time depending on what you are accessing and which device. The MFA systems make a judgement based on set rules. You will not be challenged every time you log on, and in some cases very infrequently. However, if you are accessing University resources from your own device, you may be challenged regularly and in some cases every time you log in.

Do I need to set-up MFA if I'm studying internationally or working abroad?

Yes, all members of the University are required to register for MFA. This includes students and colleagues at our campuses in the UK, Singapore and Malaysia and anyone working or studying abroad. The registration process is the same.

Which services use MFA?

The following services will require you to use MFA:

  • Your University email
  • OneDrive
  • Microsoft Office applications that access OneDrive area (such as Word, Excel PowerPoint)
  • SharePoint
  • Canvas
  • Zoom
  • Skype
  • Yammer
  • Teams
  • Windows Virtual Desktop
  • Microsoft Azure
  • Mailing Lists (Sympa)
  • Dropoff

Will I get prompted for MFA every time I sign in?

Usually, all managed desktop PC’s on-campus and University-managed laptops using Direct Access are automatically deemed as secure, so you won’t be prompted for MFA each time you log in using the Microsoft Edge browser (you may be challenged when using Chrome on a University device). There will only be an additional challenge when accessing from an unusual location or an unusual device.

When using a device that is off-campus - this includes on the eduroam network - you will be required to use MFA when logging into Office365 services, such as Outlook, Canvas, Teams and OneDrive.

When you first log in you will see a tick box allowing you to choose to provide your secondary credentials periodically.

What about accessing email on mobile phones?
 
If you use the Outlook app or a browser to access specific University resources on a mobile phone or other mobile devices, you will be challenged just as in any other situation. This includes a mobile phone or other mobile device provided by the University.
 
Do I need to have a smartphone to use MFA?

No, you can also use a mobile phone or tablet. However, we recommend that if you have a smartphone, you use the Microsoft Authenticator app as this is the simplest way to approve an authentication prompt.

In the mobile app, what's the difference between receiving a notification for verification or using a verification code?

  • Receive notifications for verification. This option pushes a notification to the authenticator app on your smartphone or tablet. View the notification and, if it is legitimate, select Authenticate in the app. 
  • Use verification code. In this mode, the app generates a verification code that updates every 30 seconds. Enter the most current verification code in the sign-in screen. The Microsoft Authenticator app is available for Android and iOS.

What if I can't use the Authenticator app?

You can register to receive a text to your mobile phone or you can request a security token.

What should I do if I lose my phone?

Please contact the IT Service Desk.  You can also set up a second device in case this happens; we recommend adding an additional authentication method once you have registered for MFA. You can do this by following the Microsoft instructions to Change your two-step verification method and settings (microsoft.com)

What should I do if I lose my phone while working or studying abroad?

If you lose your phone when working or studying abroad, it is essential that you re-establish connectivity via an alternative authentication method as soon as possible, so the University can keep in touch with you to make sure you are safe and well. If you have an alternative or replacement device available, please call the IT Service Desk on (+44) 191 208 5999 to reset your MFA information. Our lines are answered 24/7/365.  If there is a delay in replacing your device or if you are unable to get a new device until you return to the UK, you will need to find a way to contact us by phone to explain your situation and confirm your security details. Our Cyber team will then consider disabling MFA, for up to one week on a case-by-case basis.

What if I change my phone?

If you get a new phone then you will need to change the setup of your MFA. You can do this by following the Microsoft instructions to Change your two-step verification method and settings (microsoft.com)

Can I use my office phone?

No, you are not advised to use your office phone as you will not be prompted to provide an authentication code when using a University PC. Also, you would need to be at your desk to take the call and this may not be possible with current working practices. 

Receiving a code isn’t the best for me. Is there another option available?

The Microsoft Authenticator app allows you to choose to Approve or Deny rather than enter a series of digits. You can download the Microsoft Authenticator app from your App store.

I've received an unexpected text message or an App notification to verify my authentication.

Please decline the app notification and contact the IT Service Desk who can investigate further.

What do I do if I cannot get into my account?

Please contact the IT Service Desk. 

How many options should I set up for MFA?

The recommendation is at least 2, so if you forget your mobile phone, for example, you have another method set up. See Change your two-step verification method and settings (microsoft.com)

How do I change the default security verification method I'm using?

See the Microsoft advice to Change your two-step verification method and settings (microsoft.com)

Is my personal data secure?

Any personal data provided during the registration process is encrypted and secured; please take a moment to read our Privacy Notice.

Do I need to register school/service/role accounts?

No, school/service/role accounts will have MFA enabled at a future date.

Due to Facebook and Google's recent admissions about the level of privacy invasion they conduct via systems I’ve been considering getting rid of social media, mobile phone or degoogling at the very least, from my understanding of the MFA FAQ’s I will have to have continue to operate an IOS or Android device to access the University IT system is this correct?

You can request a security token through the NUIT Service Desk to use in lieu of a mobile device.

Will the Microsoft Authenticator app undertake any privacy infringement, metadata tracking etc. of the individual’s device?

Questions & answers about Microsoft Authenticator app - Azure AD | Microsoft Docs

This information can be found in the “Delete stored data” section.

If a lost device could compromise the university system will the individual be liable for any problems caused if this is the case?

Informing NUIT will allow us to take mitigating action to prevent unauthorised access to your account and data.

Email has stopped working on my personal device

The mail/calendar app on your device may not be compatible with MFA. Consider installing the Outlook iOS/Android app, which does support MFA. If you want to continue to use the iOS Mail app try removing your University mail account and re-adding it; see how to manually reconfigure your email. If this doesn't resolve the problem, please contact the IT Service Desk.

How to get help

If you have further questions about MFA or need help, please contact the IT Service Desk. (It's best to call using a different phone than the one you're trying to register with.)