The main purpose of Multi-Factor Authentication (MFA) is to prevent the abuses of the user accounts. In practice MFA means that you verify, in other words approve your sign-ins on the phone, which has been connected with MFA. Because your phone is needed for the verification, no external quarter is able to abuse your user account.
The verification by phone is required when logging with universities M365 account outside the campus network without VPN connection.
MFA is in use for all the Microsoft accounts aka M365/O365 usernames of the university and Oamk. In practice, MFA is connected to the user accounts of the staff and students and also to the so-called UFO accounts. The MFA is also in use for the guests who have been invited to Teams groups, read more: MFA with a guest user account (ict.oulu.fi)
If your MS account doesn’t include the setting, how to send an verification request to you, you will be directed by the notification “More information required” (in Finnish “Lisätietoja tarvitaan”) to add your verification method to your MS account’s security information.
The contents of this instruction:
Setting up Authenticator
Microsoft Authenticator
Choose Microsoft Authenticator application as your default method if you are using a smartphone. Microsoft Authenticator is the preferred method of verification. Its use makes it possible to take advantage of some new features, for example reset the password without Suomi.fi authentication.
Do this:
- Download Microsoft Authenticator from the app store of your phone.
- Sign in at https://o365.oulu.fi (link opens in a new window)
- You’ll see a ‘More information required’ notification, press Next.
- If you have already downloaded Microsoft Authenticator, press Next. If not, you can press “Download now”.
- Press Next and you should now see a QR code.
- Open the Microsoft Authenticator app on your phone and allow notifications and camera use.
- In the top right you should see a + button, press on it and after that select “Work or school account” and “Scan QR code”.
- Scan the QR code and press Next.
- In the Authenticator app you should now see a “Are you trying to sign in?” pop up, type in the numbers you see in the sign-in window in your browser and press Yes. Go back into your browser and press Next.
- Authenticator is now set up on your account, press Done.
- Please choose Authenticator as a primary method. From now on, you will accept or deny the verification requests on the Microsoft Authenticator application that has been installed in your mobile device.
- The phone must have a data connection and the device should be available to you.
- If you process the university email or calendar also on the same mobile device, the application must be Outlook or some other application which supports the feature Modern Authentication of M365.
- You can also use the Authenticator app to authenticate other, including your private user accounts, by adding the accounts you like in the app.
Phone
Choose Phone as an alternate method when your default method is Authenticator. Set it as a primary method only in the case when it is not possible to install Authenticator application in your phone.
- When you choose Phone as your method, you can confirm the sign-ins with a phone which does not need to be a smart phone. According your choice you receive a disposal code as a text message and type it in to the login screen, or you receive an automatic call which you confirm with the phone’s key #.
- Using the phone does not incur any expenses for you.
- When you have your phone number as an alternate method, if you upgrade your phone, you will still be able to sign in by selecting “I am unable to use Authenticator right now” and SMS which will send you the login code by text. With this, you can remove your previously linked Authenticator and set up a new one.
Resetting Authenticator
In the event that you have: a) deleted/Reinstalled Microsoft Authenticator or b) upgraded to a new phone, Authenticator will have to be reset.
- If you have your phone number set as an alternate method, you can access your security info via: https://mysignins.microsoft.com/security-info. When signing in, select the options “I am unable to use Authenticator right now” and SMS which will send you the login code by text.
- From here you can remove your previously linked Authenticator and set up a new one by selecting “+ Add sign-in method” and Microsoft Authenticator.
- From here you can remove your previously linked Authenticator and set up a new one by selecting “+ Add sign-in method” and Microsoft Authenticator.
- NOTE! If you cannot access your MS account security info, for example in case your phone number has changed and a wrong number has been saved, set a new number directly through this link: https://account.oulu.fi/mfa. Identify yourself in Suomi.fi e-Identification service.
Use of MFA
- Once your MS account includes a working verification method, requests for verification will be coming to your phone with the verification method you have chosen (Authenticator app, SMS or phone call).
- Verification requests apply only to those logins where you use the university’s M365 user name and the device you use is outside the university or Oamk network and is not VPN connected to the network.
- In the future, the need for verification will decrease as trust relationships arise with the devices you use. In the login window, you can set a device specific 60 day break for verification. After changing the password, verification will be asked, even if the break is in effect.
- In the login window, you can choose a secondary verification method if the primary method cannot be used at that moment. Because of this, it is important to have at least two working methods stored in your security info.
FAQ
If in the introduction any problems or questions arise, please check if the solution is found here: FAQ – Frequently Asked Questions.
Detailed instructions on how to take MFA in use (PDF)
- You can contact Campus ICT support service too.