New MFA Features | StaffNet | The University of Aberdeen

New MFA Features

Strongest MFA method by default

From now on our MFA system will automatically select the strongest (most secure) MFA method you have registered by default even if you have not configured it as such.

For example: You have set up text message as your default method for verifying your identity and have also installed Microsoft Authenticator on your mobile phone. In this example, this change now means that Microsoft Authenticator would become the default as it is more secure than a text message, although you can still opt to use text at an MFA prompt.

You can manage your MFA methods here https://aka.ms/setupsecurityinfo

Passwordless login

Microsoft Authenticator App users now have the option to register their phone so that it can be used to complete Multi-factor Authentication (MFA) requests. This allows passwordless logins to MFA, making logins easier as you will not be asked for your password, but will remain secure. Once you’re registered, you can log in to cloud services, such as Microsoft 365 with your username as normal and complete the MFA prompt. Please refer to the Passwordless Login User Guide for details on how to set this up.

Authenticator Lite

It is now possible to use the Microsoft Outlook app as a simplified ‘Lite’ version of MS Authenticator on your mobile device, provided that you do not already have the MS Authenticator app also installed. You may see a prompt on your mobile offering a new way to sign in.

This can be used to verify your identity when you sign into your email. It works by sending a notification to your phone when you try to access your Outlook account and will prompt you to enter MFA numbers on screen within Outlook mobile app as shown below:

FAQs

Who does this apply to?: Android/iOS Outlook app users that don’t have Microsoft Authenticator installed.
How do I set up Authenticator Lite?: Users will be prompted to register their account directly from the Outlook mobile app. You should see a banner near the bottom of your Outlook screen. Tap Sign-in to proceed with the registration process.
Should I use Microsoft Authenticator or Authenticator Lite?: We strongly recommend the use of the full Microsoft Authenticator app as this is where future developments such as passwordless logins will take place.
How do I manage Outlook app settings?: To turn approving notifications on or off from Outlook, open Outlook, select the circle in the top left, then the settings gear in the bottom left. Select the account that is registered for MFA, then scroll down until you see Authenticator. Select the tab to toggle your registration On or Off.