Why do I have to have Multi Factor Authentication enabled on my account?


Azure Multi-Factor Authentication (MFA) helps safeguard access to data and applications while maintaining simplicity for you the end user. It provides additional security by requiring a second form of authentication and delivers strong authentication via a range of easy to use authentication methods. The security of two-step verification lies in its layered approach. Compromising multiple authentication factors presents a significant challenge for attackers. Even if an attacker manages to learn the user's password, it is useless without also having possession of the additional authentication method. It works by requiring two or more of the following authentication methods:

  • Something you know (typically a password)
  • Something you have (a trusted device that is not easily duplicated, like a phone)
  • Something you are (biometrics)


What happens to my mobile number and who has access to this?


Your mobile device number is secure stored within CIT's office 365 tenant and is only used for the purpose of your account security.


How do I update to a new phone number?


Directly within the Office 365 portal https://outlook.com/cit.ie once signed in, click on your Name \ Mugshot in the top right hand corner, click My Account and under Security Info, click Update Info. Click Change next to your existing mobile number and edit your number here. Click Next and you will be texted a 6-digit code to verify you own the mobile number. Enter the 6-digit number, click Next and your number will now be changed.


I want to change from using the text message method to the App method. is this possible? 


Yes, absolutely you can change the verification method at anytime.

Ensure you download the "Microsoft Authenticator" app downloaded on your mobile phone by using the app \ play store.

Similar to the method used in 'How do I update to a new phone number' directly within the Office 365 portal https://outlook.com/cit.ie once signed in, click on your Name \ Mugshot in the top right hand corner, click "My Account" and under Security Info, click Update Info. Click +Add method, select Authenticator app and click Add.

Follow the on screen instructions and open the Microsoft Authenticator app. Click Next - Next - (Allow notifications and access to your camera when prompted in the App on your phone) and scan the QR code on screen when prompted. Your app should display Account added successfully. Click Next on screen and approve the authentication prompt on your App. Click Next and you have successfully configured the Microsoft Authenticator app.

Refresh your webpage by clicking on the reload button on your browser or by pressing F5.

Click Change on the Default sign-in method and change the method to Microsoft Authenticator - notification.

You have now changed your authentication method to the App

 Follow the setup steps outlined in the how to here.


I want to change from using the app method to the text message method. is this possible? 


Yes, absolutely you can change the verification method at anytime.

Similar to the method used in 'How do I update to a new phone number' directly within the Office 365 portal https://outlook.com/cit.ie once signed in, click on your Name \ Mugshot in the top right hand corner, click "My Account" and under Security Info, click Update Info. Click +Add method, select Phone or Alternate Phone and click Add.

Follow the on screen instructions and enter your mobile phone number. Select the Text me a code option if not already selected and click Next

You will now receive a 6-digit code to your mobile provided. Enter the code on screen and click Next.

You should receive a message to say SMS verified. Click Done.

Refresh your webpage by clicking on the reload button on your browser or by pressing F5.

Click Change on the Default sign-in method and change the method to Phone - text (your number) and click Confirm.

You have now changed your authentication method to Text message

Follow the setup steps outlined in the how to here.


Will I continually have to use MFA all the time?


While on the corporate CIT network, MFA is not required, but should you access any of your Office 365 services from anywhere else you will be challenged for MFA, this also includes CIT WiFi network Eduroam.


I want to manage my devices that have the MFA authenticator app installed on them, is this possible?


Yes, it is possible to view and\or edit the list of devices that you have setup for which to use the Microsoft Authenticator app. 

Within the Office 365 portal https://outlook.com/cit.ie once signed in, click on your Name \ Mugshot in the top right hand corner, click My Account and under Security Info, click Update Info

From within this window you will see a listing of your Authentication methods. From here you have the ability to delete any of these methods.


What data does the Authenticator store on my behalf and how can I delete it?


The Microsoft Authenticator app collects three types of information:

  • Account info you provide when you add your account. This data can be removed by removing your account.
  • Diagnostic log data, which resides only in the app until you choose to Send Logs to Microsoft through the app's Help menu. These log files contain personal data, like your email addresses (such as, alain@contoso.com), server/IP addresses, and device data (such as, device name and operating system version), with the personal data limited to info necessary to help troubleshoot app issues. You can view these log files in the app at any time to see the info being gathered. If you send the log files, the Authentication app engineers can use it to troubleshoot customer-reported issues.
  • Non-personally identifiable usage data, such “started add account flow/successfully added account,” or “notification approved.” This data is an integral part of our engineering decisions and helps us determine what features are important to you, and where improvements need to be made in the form of updates to the apps. You, as an app user, see a notification of this data collection on first launch of the app, and are informed that it can be turned off on the app’s Settings page. You can enable or disable this setting at any time.


Do I need to be connected to the Internet or my network to get and use the verification codes?


To receive the Approve \ Deny notification on your mobile app, you will need Internet or be connected to data on your mobile.


The alternative method of using the verification code on the app does not require you to be on the Internet or connected to data, so you don't need phone service to sign in.


To receive the Text message for verification, you will need regular phone service.

The app stops running as soon as you close it, it won't drain your battery.


Why does the Microsoft Authenticator app allow you to approve a request without unlocking the device?


You don't have to unlock your device to approve verification requests because all you need to prove is that you have your phone with you. Two-step verification requires proving two things – a thing you know, and a thing you have. The thing you know is your password. The thing you have is your phone (set up with the Microsoft Authenticator app and registered as an MFA proof.) Therefore, having the phone and approving the request meets the criteria for the second factor of authentication.


Why do I get so many prompts to approve my login to Office 365 applications?


Since the main goal of multi-factor authentication is to prevent someone who isn't you from logging into your accounts, the process requires that you approve the login whenever you sign in differently than you did last time. Differently could mean from a different device (mobile phone, home computer, office computer, etc.), a different Web browser, or even a different Office 365 application (OneDrive, Outlook, etc.). Even if you have checked the "don't remind me again for 14 days" option on the login screen if you were prompted, the 14-day grace period only applies to that particular device, application, and browser.


Should I always approve/accept/allow the login prompt?


No. If you are prompted to approve a sign in but haven't tried to sign into anything, there is the possibility that there was an application that automatically started with your password saved attempting to log in, or your sign-in attempt was sent twice (e.g. refreshing a log in page).

If the sign in request appears during a time where you have not attempted to sign in or open applications recently, it may be someone else attempting to access your account without your permission. If you are ever unsure, click deny and contact the Service Desk if you have any questions or concerns regarding your account.