To begin using 2FA you must first register a minimum of two security methods, we recommend one of the following options:
We encourage you to register as many security methods as you can. The full list of available methods is:
Important!
You will see a window appear stating ‘More Information required’ or you may even see a ‘Skip for now (14 days until this is required)’ dialogue – Click Next to begin the process
if you are not prompted, visit this web page to get the 2FA registration process started: https://mysignins.microsoft.com/security-info
or https://mysignins.microsoft.com/setupsecurityinfo
(You may even be prompted without visiting the above links) – this is due to you using desktop applications i.e. MS Teams, Outlook or One Drive
You must now download and install the Microsoft Authenticator app (see instructions below)
or
If you do not want to use an authenticator app. choose, 'I want to set up a different method' (located at the bottom left of the dialogue box)
This is the securest and most recommended method by Microsoft.
Make sure to install the latest version of the Microsoft Authenticator app, based on your operating system:
Note: If you're not currently on your mobile device, you can still get the Microsoft Authenticator app by sending yourself a download link from the Microsoft Authenticator page.
By registering a phone number, the phone number will be used to receive a call from Microsoft's automated line. You will be prompted to either press the # key or the £ key, on the keypad of your mobile phone.
Note: If you are prompted to press the £ key on your keypad - press the # key.
Note: You can only get to email as an option if you choose phone as your first option
Answer some security questions created by your administrator for your organisation.
If you choose this option, you will need to answer 5 security questions as a backup method of 2FA.
Smartphone and desktop app
Smartphone and desktop app - The Authy app can be installed as a desktop/laptop program for Windows and macOS; this is useful if you don’t have access to a smartphone
You will be able to choose a primary authentication method when you register, which you can change or update at any time. Current options are outlined below:
| Verification Method | Description |
|---|---|
| Mobile Notification (Microsoft Authenticator Required) | A push notification is sent to the authenticator app on your smartphone asking you to Authenticate your log in. |
| Verification Code (Microsoft Authenticator Required) | The Mobile Microsoft Authenticator app will generate a verification code that updates every 30 seconds. You will be asked to enter the most current verification code on the sign-in screen. |
| Phone Calls | A call is placed to your mobile phone asking you to verify you are signing in. Press the # key to complete the authentication process. |
You will also be asked to set up a backup authentication method. We recommend that you use your office phone as a backup, to help you access your account in case you forget or lose your mobile device.
Yes. We encourage you to use your personal device for 2FA.
You will receive an automated call instantly from Microsoft.
This is the American term for the “hash” (#) key
In order to improve your security at Middlesex, we're introducing Two-Factor Authentication (2FA).
2FA provides an added layer of security on top of your username and password when you access uni resources online. Once set up, it is easy to use and provides increased protection against cyber-attacks.
From now, you'll be asked to set up 2FA to log in to any Microsoft 365 application. This will pop up on your screen when you try to log in, you just need to click 'More info Required' to start setting it up.
Follow the on-screen instructions to register your security methods, if you are having trouble, watch the step-by-step video, or read the FAQs below.
Top tip: set aside 15 minutes to go through the process. If at any point it stops working, close your browser, delete the app, and start again.
Two-Factor Authentication (2FA), also known as (multi-factor authentication), provides an additional layer of security on top of your username and password when you access university resources online. Once set up, it is easy to use and provides increased protection against cyber-attacks.2FA being enforced, they cannot exploit your password to login to Microsoft 365 services.
Hackers and criminals are increasingly gaining access to usernames and passwords across Higher Education organisations via methods such as phishing, publicly available social media information, and out-of-date software/hardware.
Review our MFA Frequency Settings Guide to review all applications affected.
2FA will impact all staff and students including overseas and partners.
The current settings require reauthentication every 90 days.
You will need to re-authenticate on each device and each browser you use.
There are also videos available on the Microsoft website to demonstrate how to set up the various Two-Factor authentication methods.
SSPR (Self-Service Password Reset) is a system used to reset student passwords in the event that you have forgotten your existing password. By using the SSPR service you can quickly reset your password without the need to contact UniHelp or IT Services.
You will be able to choose a primary authentication method when you register, which you can change or update at any time. Current options are outlined below:
| Verification Method | Description |
|---|---|
| Mobile Notification (Microsoft Authenticator Required) | A push notification is sent to the authenticator app on your smartphone asking you to Authenticate your log in. |
| Verification Code (Microsoft Authenticator Required) | The Mobile Microsoft Authenticator app will generate a verification code that updates every 30 seconds. You will be asked to enter the most current verification code on the sign-in screen. |
| Phone Calls | A call is placed to your mobile phone asking you to verify you are signing in. Press the # key to complete the authentication process. |
You will also be asked to set up a backup authentication method. We recommend that you use your office phone as a backup, to help you access your account in case you forget or lose your mobile device.
You can make changes to your authentication settings by visiting Microsoft's Security Verification page.
If you need to update your 2FA settings, you change your mind or want to add more methods to your account you can follow the steps below.
The Service Desk cannot update 2FA for a user. Only the user can update their settings. The Service Desk can only clear current 2FA settings.
Yes. We encourage you to use your personal device for 2FA.
At a minimum, you can expect once every 90 days per device and per browser session. However, we are unable to guarantee you will be prompted for it on random occasions.
You will need to re-authenticate on each device and each browser you use.
Some actions - like logging out of browser sessions, rebooting devices, accessing sensitive information, or connecting from a new location – may prompt you for 2FA. As MDX’s security strategy evolves, this scope will also change.
Please log a call with UniHelp, who can reset your security methods, to allow you to re-start registration
Yes. When prompted for 2FA, you will need either a data connection (for Authentication apps) or a phone signal (for phone numbers) on one of the devices you registered for 2FA.
This is by design. Such private browser windows do not preserve logon or 2FA sessions when they are closed.
Yes, and we encourage you to register as many as you feel comfortable with. The more methods registered, the more secure your account will be.
Visit this link to add more methods: https://mysignins.microsoft.com/security-info
If a hacker were to learn your password, there is a real risk they can intercept SMS texts sent to you and thereby bypass 2FA and get access to your data.
SSPR requires two different security methods to be verified before a password can be changed. This makes it unlikely that any SMS interception by a hacker will result in compromise of your account
Any type, including mobile, landline and office numbers. Although note that, in the future, MDX office phone numbers may migrate from Jabber to Teams; at that point, they would no longer be usable for 2FA
Due to an authenticator error, some NHS students have found they’re unable to enrol/sign-in using the provided MDX user ID and password if they already use Outlook and Authenticator app to access NHS emails.
To successfully enrol if this applies to you, please follow these steps (use a tablet or laptop rather than mobile device)
Let your module leader know if you’re having problems.
No, the change will be automatic, as long as your MS Authenticator app is up to date. You can expect to notice it on your first 2FA logon prompt, on after February 27th, 2023.
No, Microsoft are enforcing this change.
No, these will continue to function as before. But note that using Microsoft Authenticator is still considered the most secure 2FA method; it can be used on any up-to-date and supported mobile device
Please report this immediately as suspicious behaviour to student IT helpdesk.
Yes, but you can switch from your default method to MS Authenticator number matching during logon. We recommend that you set MS Authenticator as the default method.
Please visit https://aka.ms/mysecurityinfo. We recommend you review, update and where possible add to your authentication methods on a regular basis.
You will no longer be able to use Microsoft Authenticator to logon to your Middlesex account. You need to upgrade to the latest version of Microsoft Authenticator to use it for sign-in.
You may see this message appear on your device when accessing your email – this means you will now only be able to access your emails through the official Microsoft Outlook app:
You can contact UniHelp
If you forget your mobile device at home or elsewhere, you can use your backup authentication method.
It happens. You left your mobile device at home, and now you can't use your phone to verify who you are. Maybe you previously added an alternative method to sign in to your account, such as through your landline phone. If so, you can use this alternative method now.
If you never added an alternative verification method or you run into further issues, you can contact UniHelp.
If you've lost or had your mobile device stolen, you can take either of the following actions:
We strongly recommend letting CCSS Helpdesk know if your phone was lost or stolen. The Helpdesk can make the appropriate updates to your account. After your settings are cleared, you'll be prompted to register for Two-Factor authentication the next time you sign in.
Cyber security looks at how individuals and organisations can reduce the risk of cyber attack. Cyber security’s core function is to protect all the devices we use (phones, laptops, tablets) and the services we use (online and at work) from theft or damage.
Most importantly, it’s about preventing unauthorised access to the vast amounts of personal information we store online and on these devices.
Don’t click on links within an email unless you’re certain that the sender is genuine.
So how do you spot a phishing email?
Well, many phishing emails will have bad grammar and spelling or the design and overall quality won’t be too good. Often these emails won’t address you by name or will ask you to act urgently. Also, if the email is offering something that sounds too good to be true… it probably is!
If you experience any issues relating to cyber security, please contact UniHelp and they’ll assist you.
