Multi-factor authentication

Multi-factor authentication usage is enforced automatically to all personnel Microsoft 365 user accounts on Diak University of Applied Sciences.

Multi-factor authentication - What is it?

  • Multi-factor authentication (MFA) is a security tool in Microsoft 365 systems.
  • Implementing multi-factor authentication improves an organization's security and prevents opportunities for security breaches and possibilities of misuse.
  • Authentication adds one step to login in addition to entering a traditional username and password.
  • This can, among other things, identify attempts of misuses with Diak user accounts and prevent third parties from accessing private information, files, or Diak's systems after the user information has been phished for example, through a phishing message.

After multi-factor authentication has been added to a user, there are three ways to authenticate logins:

  • Microsoft Authenticator mobile application (Recommended method, free on app stores)
  • Text message to the specified phone number
  • Phone call to the specified phone number.

Setting up multi-factor authentication

To set up authentication method, it is recommended to have access to a computer and mobile phone.

The next part is done on a computer / mobile device web browser

  • Open a web broser, and go to https://aka.ms/mfasetup
  • When logging in with your personal Diak account, the service will ask for more information about authentication, select “Next”
  • For "Step 1", you can directly configure the mobile application by selecting "Mobile Application" from the drop-down menu. Then select "Receive confirmation notifications" and select "Configuration"

The next part is done on a mobile device / Authenticator app

  • Download the Microsoft Authenticator app (picture 1) from your devices app store (Google Play on Android, or Apple App Store on Apple devices) and open it.
  • Open the mobile app and select “Add Account”.
  • The application may ask permission to use the camera. Select "Allow".
  • Then select “Work or School Account” (picture 2).
  • Select "Scan a QR code"
  • Scan a QR code on the browser from your computer with mobile phone's camera.
  • If you cannot scan the code, follow the installation instructions on the page open on your web browser
    • On the phone screen, select “You can also enter the code manually”
    • Enter the code and URL displayed on the browser from your computer, into the mobile device's authenticator application.

The next part is done on a computer / mobile device web browser, except authentication requests are accepted on a mobile device / Authenticator app

  • Continue on computer web browser, that should still be open
  • Authentication is tested in “Step 2.” The Authenticator app on the mobile device notifies you of the authentication request (picture 1), from which you select “Approve”.
  • Please add your mobile phone number in “Step 3” (picture 2), so that you can log in, even if the application is not available (for example, if your phone is not connected to a network).
  • Select “Finish” in “Step 4”.

The use of multi-factor authentication

Microsoft Authenticator mobile application

  • The phone alerts you to accept the message.
  • You can authenticate login from the message by pressing “Approve”.
  • Authenticator prompts you to unlock the application lock. The lock is unlocked with the same method, you open mobile devices screen lock (access code, fingerprint, etc.).

By text message

  • The number, you specify on the Security Management website, will receive a text message from Microsoft.
  • The message contains a numeric code that must be entered in the text field of the login window.

By phone

  • The number, you specify on the Security Management site, receives an automated call from Microsoft bot.
  • The bot caller lists the code number by number, that must be entered in the text field of the login window
  • The caller is never a real person from Microsoft, a Microsoft technician, or anything related to Microsoft. If you're receiving a call by someone who claims to be a Microsoft representative, it's usually always a scam call. Never give your user account information and creditials to anyone on any circumstances.

Supported email applications

  • Microsoft Outlook (Recommended application, can be used on most common platforms (Android, Apple, Windows))
  • Apple Mail (from version 11 or newer)

Any system, that uses Office-login credentials, will ask for authentication to login each time, you login with a new device, application, or browser.

Devices, browsers and applications, which are marked as trusted platforms, the app will not ask you to authenticate in 30 days. To use this, select "Don't ask again for 30 days" when signing in.

If you receive a notification in Authenticator app, a text message, or a call asking you to approve a login, but you're not currently trying to login in to any system with your credentials, always click "Decline."

If this happens, always change your password throught Diak Identity Service and contact Diak IT support ([email protected]) immediately.

After configuration, you can always change different settings for authentication at https://aka.ms/mfasetup

  • Change the authentication method
  • Change the phone number
  • Assign an account to an application on a different device or reconfigure
    • You can add your account on several devices Authenticator App (for example, personal and work)