You are here: AU  Staff  Staff Service IT Email and calendar Office 365 Two-step Authentication

Two-step Authentication

Why two-step authentication?

Two-step verification adds an extra layer of security. When logging in to your mailbox in future, you will need to use your password and one other factor or form of verification. We recommend that you use Microsoft’s app for this purpose. You must thus enter your password and press ‘Approve’ in the mobile app. This will effectively help stop phishing attacks, as hackers will no longer be able to access your mailbox using just one password. They will also need to have access to your mobile app.

Why mobile phone?

Why a mobile phone? The use of a mobile phone as the second step in the two-step authentication ensures, that the second step happens on a device you presumably have with you all the time. The use of a mobile phone can be done in several ways. We recommend as written that you install an app if you have a smartphone, but the approval process can also happen by an SMS message or a phone call. If you choose to use the option with the SMS message, you will receive an SMS message with a code to be entered. It is not a requirement that the mobile phone is issued by Aarhus University.

The use of the app is not dependent on you using your mobile phone to access AU e-mail or among other things. The app is generic and can also be used in combination with several other services e.g. Facebook.

We recommend that you use the mobile phone that you are most likely to have on you.  

Guidelines on setup of two-step authentication

NB! Click here if you don't have a mobilephone.

1. Download and install the ‘Microsoft Authenticator’ app on your mobile. You should not open the app yet – merely install it. You will find the app at App Store or Google Play.


Microsoft Authenticator icon

2. Do no open the app yet. (Nothing happens if you do)

 

3. When you receive the email ‘You must now set up your Office 365 two-step authentication’ you must go to https://aka.ms/MFASetup to do so.

  • If asked to enter your username you must always use the format au[auid]@uni.au.dk, e.g. au12345@uni.au.dk. You can find your auid at mit.au.dk. If you’re at your work computer at AU you will not necessarily be asked to enter either your username or your password.  
  • If you see the following dialogue box in Outlook you can instead start setup of two-step authentication here by clicking on ‘OK’.



4. Log in to https://aka.ms/MFASetup.(On your computer)


5. You will see this message. Click on ‘Next’ to continue with setup. (On your computer)



6. Configure two step authentication: (On you computer)

  • Select Mobile App from the list
  • set the dot alongside ‘Receive notification of approval’.
  • Click the blue button labelled ‘Set up’.



7. Then open the ‘Microsoft Authenticator’ app. (On your mobile).

8. Add an account on the app, and select ‘Work or school account’. (On your mobile)



9. Keep your mobile in front of your computer screen so the app can capture the QR code. See example below. 


10. Click on ‘Next’


11. When you see the image below, you should click on ‘Approve’ in the ‘Microsoft Authenticator’ app on your mobile.

12. Select the country code and enter your mobile number.

13. Click ‘Next’.


14. Click  ‘Finished’ and close the window. You are now ready to use two-step authentication.

 

You have now finished setting up two-step authentication. Don't click anything else. Close the page.

How two-step authentication works

When you log in to your mail, e.g. at https://webmail.au.dk, and enter your username and password, you will subsequently be asked for two-step authentication.

In your browser you will see this image. You must now use your mobile for the next step.

 

On your mobile you will see a drop-down menu on which you can select ‘Approve’ or ‘Deny’. Select ‘Approve’.

 

If you do not manage to press ‘Approve’ on the drop-down menu you can always open the Microsoft Authenticator app and press ‘Approve’ there. When you’ve pressed ‘Approve’ on the app you will be logged in.

 

Remember that you must enter your username in the format au[auid]@uni.au.dk, e.g. au12345@uni.au.dk.

App password

Some old apps and programs don’t support two-step authentication. When a program doesn’t support two-step authentication you can in some cases use an app password instead of your normal password. Find out more here.

Please note that not all programs and apps support app password.

What if I don’t have any mobile coverage?

If you are out of range and thus cannot carry out two-step authentication you should click on ‘Sign in another way’.

 

Click on ‘Use a verification code from my mobile app’.

 

Enter the code and press ‘Verify’.

 

You will find your six-digit verification code by opening the ‘Microsoft Authenticator’ app on your mobile.

Mobile app or text messages? Change settings

Two-step authentication can be set up so you will be contacted in the following ways:

  • Information via app (Mobile app)
  • Text message
  • Call
  • Authentication code from app

If you have a smartphone we recommend ‘Information via app’/‘Mobile app’.

If you want to change your settings you can do so here.

What if I don’t have a mobile?

If you don’t have a mobile (you may use your private phone if you wish to) you can instead choose to use your landline or a hardware token. You may only order a hardware token if you absolutely need one, e.g. if you don't have access to a mobile phone or can't use a landline.

See more about hardware tokens here.

How to setup two-step authentication if you have a landline

When you receive the email stating that you can set up two-step authentication you must go to https://portal.office.com to do so.

If asked to enter your username you must always use the format au[auid]@uni.au.dk, e.g. au12345@uni.au.dk. If you’re at your work computer at AU you will not necessarily be asked to enter either your username or your password.  

If you see the following dialogue box in Outlook you can instead start setup of two-step authentication here by clicking on ‘OK’.

When you log in to https://portal.office.com, you will see the following message. Click on ‘Next’ to continue with setup.

Select ‘Phone number (approval)’. Select ‘Denmark (+ 45)’ as country code and enter your landline number. Select ‘Call me’ under Method, and conclude with ‘Next’.

A robot will now call your landline and ask you to press # to confirm that it is you who are attempting to log in.

Click on ‘Finished’.

Lost, stolen or new mobile

Stolen or lost mobile

If your phone has been stolen or you have lost it in some other way, you will have to get your two-step authentication set up again. You must contact Support for help with this. Support can also help get the content deleted.

New mobile

If you’ve got a new mobile you must transfer your two-step authentication to it. 

 Dette gøres ved at klikke på "Konfigurer authenticator app" på linket her.  Du skal bruge din gamle mobil til opsætningen, så vent med at nulstille den, eller slette app'en. Vejledning til videre opsætning finder du her.

1444952 / i40