Office365 Email and MFA
MFA (Multi-Factor Authentication)
MFA (Multi-Factor Authentication) has been made mandatory for all staff and HDR students as of Friday 13 August 2021. This is in direct response to a heightened cyber security threat level across the sector, and has been initiated to help protect the University, its systems, and data assets.
Please watch our video guide below to help you with setting up MFA.
Top 10 Frequently Asked Questions
I have set up MFA and am able to access my email via the web. However, I cannot access my email via my mail client.
After you set up MFA, you will need to set up access in your mail clients again. In many cases, this requires you to remove the account and re-add it. To remove your work account, go to Settings > Accounts > School or work account, then sign out and sign in again.
When you remove the account, select the option to remove the account from everything instead of 'remove the account just for this computer'.
My mail app gives me an error "Your email access has been blocked".
The error you are experiencing indicates that the email client on your device is still using a legacy authentication method. Legacy authentication was removed when multi-factor authentication was implemented, due to heightened security.
To resolve this issue, here are two options for you to try:
Option 1 (Recommended): Download and set up the Outlook app from the App Store or Google Play store, and enter your account information, choosing “setup automatically”.
See guides below:
Option 2 (continue to use your native mail app): Delete your account from the mail app you currently use on your phone, and add it again as a new account, choosing “setup automatically”. Use your MQ O365 username @mq.edu.au and password.
See relevant guides below:
Unfortunately, Thunderbird is unsupported as a third-party client to connect with University emails at this time. However, you can try the following workaround which would involve re-configuring your account:
- Remove your account from Thunderbird and re-add it.
- Once you've set up the email account again, in Server Settings change the Authentication Method to OAuth2.
If the above does not work, please use the Outlook app to connect with your emails securely.
Install the latest version of Office if you haven't already (all MQ staff can install it on up to 5 devices, including personal devices):
See guides below or check on the installation video:
I don’t have a mobile phone suitable for setting up the MFA app, what can I do?
If you are using Windows or Mac, you may download and install Authy on your computer. You will still need to have access to a landline or a mobile phone to receive a call or SMS for the initial setup. After that, the MFA can be done from the computer.
If you use Linux and have access to a landline or a mobile phone that can make and receive calls, you may follow the Alternate authentication methods guide to set up your MFA.
I have a @hdr.mq.edu.au email, do I need to set up MFA?
Yes, MFA is required for all Office365 email, including @hdr.mq.edu.au. HDR email accounts are not linked to OneID, hence the system will require an extra step for authentication.
Please first set up the Microsoft Authenticator app for your MFA; you will then be prompted to set up a second method for authentication (e.g., phone number).
Once completed, you will be able to access your HDR email.
I have an older Mac OS or an older iOS on my iPhone, will MFA work?
For macOS 10.14 or later, the Apple Calendar App and Mail App support Microsoft MFA. You may need to remove and re-add the account for it to start using MFA. See: Add or remove email accounts in Mail on Mac
If you cannot or do not wish to upgrade to Mac OS X 10.14 or higher, you will not be able to use Mac Mail with MFA. Please consider installing the latest version of Microsoft Office and using Outlook, or you can use Outlook Web Access.
If you use the native email app on an iPhone, the iOS version must be 11.0 or greater for it to support MFA.
If you cannot or do not wish to upgrade the iOS on your iPhone, you will be unable to use iOS Mail with MFA. Please consider installing the latest version of the Microsoft Outlook app on your iPhone.
I tried to set up MFA but I can't scan the QR code.
If you have an issue with the QR code or are unable to scan it to proceed, it may be because the QR code has expired. In this case, once you have the app ready to scan the QR code, please close the window and open a new one to log in again; a new QR code should appear.
You may also need to check that the date and time are correct on both your computer and your phone. If either of them is incorrect, it will also prevent the setup from working.
How do I access a delegated account or generic email account after setting up my MFA?
Access delegated account/shared mailbox from the browser
After setting up MFA, you may need to remove and re-add your email in the Outlook app on your iOS device. If you previously had access to a generic account/shared mailbox, you may need to re-add it as well.
Please note, MFA is only required for accounts that you need to access using a password. Delegated accounts do not require a password, hence no extra MFA needs to be set up for your delegated account.
MFA Setup guide (Microsoft Authenticator)
To use Microsoft Authenticator for your authentication, follow the screenshots below or download the guide in PDF: MFA Setup guide
Are there any Alternate Authentication Methods?
If you do not wish to use a mobile device for authentication, you may download and set up Authy on your desktop/laptop. However, you will still need to have access to a mobile or a landline for the initial setup: MFA setup guide for Authy
It's always good to set up a backup authentication method just in case. Follow this guide to set one up: Alternate authentication methods guide
If you choose the option to have the system call your telephone, please note, the recorded message may go for around 60 seconds, but the computer prompt may time out after 40 seconds. You may need to respond before the recorded message is finished.
I try to re-add my email on my iPhone/iPad mail app and it keeps looping, how do I get it set up?
This issue usually happens when you attempt to log in and the MFA prompt appears on your phone: if you press on the prompt and then switch to the MFA app, it will cause the loop. This is by design on iOS: if the page requesting the MFA loses focus, it fails in the background.
Solution: When the MFA prompt appears on the phone when you first sign-in, instead of switching to the MFA app, please press, hold and drag down the notification prompt (from the top), this will trigger the approve/deny button to appear (without switching to the MFA app). From here, click approve and this should resolve the issue.
I have set up MFA but now my calendar and contacts don't sync, how do I resolve this?
After you have set up MFA, you will need to remove your email account from the mail app on your mobile devices and re-add it. This will trigger MFA authentication for your app to pull email, calendar and contacts from your O365 account.
Sometimes you may need to delete the account and re-add it a couple of times, or toggle the sync button off and on again, to trigger the MFA. If it still doesn't work, turn off the device and turn it on again.
You may also need to check that your mobile device is up to date with the newest version and that the app is also the newest version.
What is MFA?
MFA (Multi-Factor Authentication) is a great way to add a layer of security to your Office 365 account and works across all services including Outlook (desktop and web), SharePoint and OneDrive, Teams and so on. MFA is the addition of a security challenge that happens after your username and password are accepted.
Why do I need it?
Cybercriminals are increasingly targeting educational institutions, and Macquarie University IT has identified a recent increase in sophisticated attacks targeting the University Office 365 service.
MFA increases your account security by requiring multiple forms of verification to prove your identity when logging into your Macquarie University Office 365 account.
Can I use a single MFA app for all my MQ systems?
We recommend that you use the official Microsoft Authenticator mobile app on your mobile device as an additional method of verification to secure your Macquarie University Office 365 account.
However, those who wish to use a single app for all MQ applications can choose Okta, Authy or Google Authenticator. Please note, these apps will not send any push verification / approval; you will need to use the one-time code to log in.
Q: What is MFA protecting?
A: MFA adds an extra layer of security to keep your data more secure. Even if a hacker has your username and password, MFA places an additional barrier to stop the hacker from accessing your account.
Q: Why do I need to download an app on my phone?
A: The MFA app, in general, is the fastest, most reliable and secure option of verification. The app ensures you do not need to carry around an extra piece of hardware, plus there are no charges to yourself by using this method. The app also uses very minimal data on your device. Also, the app needs to be installed on your personal mobile device, since the device is unique to you.
Q: Do I have to download the official Microsoft Authenticator app to use Office 365 MFA?
A: Although you can authenticate through other methods, the official Microsoft Authenticator app is the preferred and most secure method for Office 365 MFA. It is also the easiest way and will make authenticating more seamless than other authentication methods.
Using the Authenticator app, you can also access your Office 365 account when there is no internet connection or mobile signal by using the "verification code" from the app to verify your identity.
If it is not practical to use the authenticator app, the following options (authentication methods) are available to use MFA:
- Option 1: Receive a call to a registered mobile phone or landline.
- Option 2: Use Google Authenticator, Okta or Authy (these apps will not send out push approval; you will need to use the one-time code).
- Option 3: Receive an SMS to a registered mobile phone (this is the least secure option and is not recommended)
Q: Can I change my authentication method after I have set it?
A: Yes – you can go to https://aka.ms/mfasetup and sign in to change, or add backup, authentication methods. Avoid the “office phone” field as this is not configurable. Visit Managing your Office 365 MFA Set up for more details.
Q: How often will I have to re-authenticate using MFA?
A: In most cases, if you use the same device for Office clients (including Outlook and Teams) or the same web browser, you log in once and stay signed in until your authentication is no longer valid, at which point you will need to re-authenticate. By default, your authentication will be valid for up to 90 days.
Things that could force you to re-authenticate:
- You don’t log in for 14 days on that device.
- You sign in and out again in Office clients.
- You change your password.
- You swap between Office 365 accounts.
- You will need to re-authenticate on each new device and browser you use.
- Suspicious activity is detected, e.g., sign in from another country.
Q: I don't wish to download an app, what are my options?
A: O365 MFA can send a text message, or make a phone call, to a smartphone, cell phone, landline (such as your office or home phone) or tablet. We recommend that users use the app as this is the most secure and convenient option.
Q: What if I don't have a smartphone?
A: If you don’t own a smartphone, you can use the text or call option to verify your identity. See the guide Managing your Office 365 MFA Set up for adding additional authentication methods.
Q: Does MFA see my password?
A: No, the O365 MFA system will verify your password with the internal system and will not send it to MFA. MFA is only used for the second-factor authentication, which is the “something you have”. It is used to verify, not store.
Q: I've got a new smartphone/tablet, how do I reset MFA?
A: If you have a new device, or are switching from iOS to Android or vice-versa, make sure you set up your new phone with Microsoft Authenticator by going to https://aka.ms/mfasetup before you erase your old device. You'll need your old device to sign in.
Q: I've got a new phone number, how do I set up MFA?
A: If you have a new number, make sure you add this at https://aka.ms/mfasetup before closing your account. Once your new number is working, you should delete the old one for security.
Q: I've lost my phone and I have not set up any additional authentication method, what should I do?
A: If you have lost your old phone and no longer have access to your old number, you will need to request a reset of your multi-factor authentication. Please contact the IT Service Desk on 9850 4357.
Q: I don't have my mobile device with me, is there another way for me to log in to my email?
A: If you have previously set up an alternative authentication method (e.g., your desk phone/office phone) and you have access to it, you may use that alternative authentication method to sign in. Alternatively, you may contact the IT Service Desk on (02) 9850 4357 between 8am - 8pm Monday to Friday or 10am - 6pm on weekends.
Office 365, including email, is Macquarie University's cloud-based collaborative and productivity service for staff, offering the latest in Office applications, including Word, Excel, OneNote, PowerPoint and Skype for Business.
When you join Macquarie you will be issued with a university email, which will be automatically set up for you, however, you will need to set up your email signature (on Outlook for Windows, Outlook for Mac, Mac Mail or Outlook Web App).