During the MFA setup process, Microsoft will ask "How should we contact you?" (to perform MFA checks as you log in). The two methods used by the University of Otago are:
Mobile app (preferred)
Download the Microsoft Authenticator app to your mobile phone. When you sign in to Microsoft 365, Microsoft will request a one-time code from the app or will send the app a “please approve this login” message for you to approve.
Authentication via mobile phone
If you are unable to use the authenticator app, Microsoft can send an SMS (text message) code to your mobile phone for you to enter on the Microsoft 365 login page.
The University's Cyber Security Team strongly recommends that you use the "Microsoft Authenticator" app on your mobile phone as your MFA method, as it provides the highest level of security for your account and University data.
The University of Otago supports the following MFA options in order of preference. Alternative options are not available due to security risks:
For staff
- Microsoft Authenticator on University-owned/personal mobile device.
- SMS/phone call to University-owned/personal mobile device.
- Token2 Physical Key if none of the above are suitable.
For students
- Microsoft Authenticator on University-owned/personal mobile device.
- SMS/phone call to University-owned/personal mobile device.