Introduction

About Multi-factor Authentication (MFA)

Multi-factor authentication (MFA) is a process where a user is prompted during sign-in for an additional form of identification, such as using a one-time passcode sent by SMS to their mobile phone. MFA provides an additional layer of security to protect important Department services, especially when using remote access or using privileged app functions.

Multiple methods can be used with MFA - you are not restricted to only one MFA option, as you choose which method you want to use at the time you authenticate. The following methods are available at the Department:

  • Microsoft Authenticator app on your iPhone, iPad or Android phone (most secure option)
  • Using Microsoft Authenticator on your iPhone, iPad or Android phone to generate a one time code
  • SMS a one time code to your mobile phone
  • Voice call to your mobile phone
  • Voice call to your office phone
  • Voice call to your alternate phone (usually your home phone or a different mobile phone)

E-mail is not available for use as an authentication method.

It is strongly recommended that you add more than one method, to provide you with maximum flexibility when authenticating via MFA, especially to cover scenarios where you may not be in a mobile service area, or your mobile phone has a flat battery.

However, you may set up and use whichever methods you choose, including your preferred default method, although the methods available may be restricted when you are attempting to authenticate using MFA from outside Australia.

Note that if you are using an app that requires you to authenticate via MFA, and you have not previously set it up, in many cases the app will force you through this set up process. 

If you want to find out more about the technical ins and outs of MFA, you can try reading this Microsoft Support article on how it works.

Please note that the phone numbers and personal details used in MFA are only used for authentication and are not used for any other purpose.

The instructions below on setting up and using MFA consist of the following sections

  • Setting up MFA
  • Add Authenticator app method
  • Add Phone method
  • Add Alternate phone method
  • Add Office phone method
  • Changing the default method

Video tutorial

An extended video tutorial (duration 25:28) - Introducing Multifactor Authentication - is available to give you a thorough grounding in all aspects of MFA.

Short clips from the video tutorial can also be viewed from relevant sections of this article, to provide additional assistance in setting up MFA.

 

Instructions

Setting up Multi-factor Authentication

Step 1 - Open https://myaccount.microsoft.com/ in your browser - see video clip (duration 01:54) Setting up MFA for more help.

You will generally not need to perform a sign in to this website if:

  • you have recently logged in via your corporate laptop when it is connected to the corporate network, either directly in the office or remotely via a VPN.
  • you have recently logged in to a resource on your current device using your department login in the format firstname.lastname@education.vic.gov.au, whether or not the device is your corporate laptop or your own device.

If you are not required to sign in proceed to Step 2, otherwise you will need to sign in using your department e-mail address in the format firstname.lastname@education.vic.gov.au, followed by your password, as per the two images below. Note that in the examples below, the name of the user has been blurred out for security reasons.

Screenprint - Microsoft Sign in

Alternately, you may be asked to select the account you wish to use with MFA, as per the image below. Select the account presented in the format firstname.lastname@education.vic.gov.au.

Screenprint - saelect the account you wish to use with MFA

Next, you will be requested to enter your Windows password, as per the image below.

Screenprint - eduPass - enter password

Step 2 - In the Security info pane on the https://myaccount.microsoft.com/ website, click on the UPDATE INFO link, as per the image below:

Screenprint - Security info pane

Note that if you have previously set up any MFA methods, at this stage you may be asked to authenticate via MFA.

If you have not previously set up your MFA options, you will not need to authenticate now, whether or not you are logged in to the corporate Department network.

Step 3 - Click on the Add method link, as per the image below:

Screenprint - Security info - add method

Each of the following subsections detail how to add individual MFA methods. As mentioned in the introduction of this article, we strongly recommend that you set up more than one method, in order to give you maximum flexibility of MFA options and suiting your needs by covering a range of different circumstances.

You may choose to setup whichever methods are most convenient for you to use out of the following options:

  • Authenticator app method on your iPhone or Android phone
  • Phone method (Voice and SMS) - the number you use must be a mobile phone
  • Alternate phone method (Voice only)
  • Office phone method (Voice only).

In this case, we are assuming that the first (and thus the default) method you have chosen to add is the Microsoft Authenticator app deployed on your iPhone, iPad or Android mobile phone. Note you may change the default method at any time, as defined in the relevant subsection later in this article.

Add Authenticator app method

Perform the following steps to add your iPhone, iPad or Android phone to MFA for use with the Authenticator app method. Note that you can add multiple phones using the Authenticator method..

Step 4 - You will be prompted to install Microsoft Authenticator on your mobile device, as per the image below. If you have not previously done so:

Please note that if setting up Microsoft Authenticator on your mobile device took a while, you may be timed out of your MFA session. If this is the case, click on the Refresh or Reload your page button in your browser to restart your session.

Step 5 - Once you have followed the instructions to install and set up Microsoft Authenticator on your iPhone, iPad or Android phone, you will have successfully set it up an MFA method.

Step 6 - Switch back to your laptop, and continue with the following steps.

Add Phone method

Perform the following steps to add your iPhone, iPad, Android or standard mobile phone to MFA for both SMS and voice call methods. Note that you can select only one mobile device using the Phone method - see video clip (duration 00:50) Adding the phone method for more help.

Step 7 - Click on the Add method link, as per the image below. Note that in this example, the Microsoft Authenticator app method has already been successfully added, although the id of the phone has been blurred out for security reasons.

Screenprint - Security info - Add method

Step 8 - In the Add a method pop-up window in your browser, select Phone as the method using the drop down menu, as per the image below.

Screenprint - Add a method - select Phone from drop down menu

Step 9 - Click on the Add button, as per the image below.

Screenprint - Add method - Phone

Step 10 - In the Phone pop-up window in your browser, select Australia (+61) in the drop down menu, and type in the phone number of your mobile device, as per the image below. Note the phone number in this example has been blurred out for security reasons. In this example, the phone number will be verified by sending a SMS text message with a one time passcode - the other option is to verify via a voice call.

Screenprint - Phone - enter mobile phone number for text and voice call

Step 11 - Microsoft will send an SMS to your mobile device with a 6-digit one time passcode. Enter the passcode in the Enter code field, and click on the Next button, as per the image below. Note that in this example the phone number has been blurred out for security reasons. Please note that the code is only valid for a short period of time.

Note that the SMS may present as coming from a non-Australian caller-id.

Screenprint - Phone - Enter one time passcode from SMS text

Step 12 - The browser will display a confirmation message, verifying that the Phone method has been registered for your mobile device, as per the image below. Click on the Done button.

Screenprint - Phone - one time passcode from SMS text verified

Add Alternate phone method

Perform the following steps to add a phone number - usually your home landline phone or another mobile phone service - to MFA for voice call authentication only. Note that you can select only phone number using the Alternate phone method - see video clip (duration 00:55) Adding the alternate phone method for more help.

Step 13 - Click on the Add method link, as per the image below. Note that in this example, the phone numbers and Authenticator ID have been blurred out for security reasons.

Screenprint - Security Info - Add method

Step 14 - In the Add a method pop-up window in your browser, select Alternate phone as the method using the drop down menu, as per the image below.

Screenprint - Add method - select Alternate phone from drop down list

Step 15 - Click on the Add button, as per the image below.

Screenporint - Add method - Alternate phone

Step 16 - In the Phone pop-up window in your browser, select Australia (+61) in the drop down menu, and type in your alternate phone number, as per the image below. Note the phone number in this example has been blurred out for security reasons.

Screenprint - Phone - enter phone number

Step 17 - Microsoft will call your phone number - your browser will display a pop-up window advising you the call is being made. When you pick up the call, you will receive a voice message. Follow the directions in the voice message to verify your phone number.

Note that the phone call may present as coming from a non-Australian caller-id.

Step 18 - The browser will display a confirmation message, verifying that the Phone method has been registered for your phone, as per the image below. Click on the Done button.

Screenprint - Phone - Verification of voice call answered

Add Office phone method

Perform the following steps to add your office phone (i.e. for corporate Department staff, your Skype for Business number) to MFA for voice call authentication only. Note that you can select only one office phone number using the Office phone method - see video clip (duration 00:53) Adding the office phone method for more help.

Step 19 - Click on the Add method link, as per the image below. Note that in this example, the phone numbers and Authenticator ID have been blurred out for security reasons.

Screenprint - Security info - Add method

Step 20 - In the Add a method pop-up window in your browser, select Office phone as the method using the drop down menu, as per the image below.

Screenprint - Add method - select Office phone from drop down menu

Step 21 - Click on the Add button, as per the image below.

Screenprint - Add a method - Office phone

Step 22 - In the Phone pop-up window in your browser, select Australia (+61) in the drop down menu, and type in your office phone number, as per the image below. Note the phone number in this example has been blurred out for security reasons.

Screenprint - Phone - enter phone number

Step 23 - Microsoft will call your phone number - your browser will display a pop-up window advising you the call is being made. When you pick up the call, you will receive a voice message. Follow the directions in the voice message to verify your phone number.

Note that the phone call may present as coming from a non-Australian caller-id.

Step 24 - The browser will display a confirmation message, verifying that the Office phone method has been registered for your phone, as per the image below. Click on the Done button.

Screenprint - Phone - confirmation of voice call method added for office phone

Changing the default method

After you have set up the methods you want to use, you may wish to change the default MFA method to the method you will use the most. Please note that most people find Microsoft Authenticator on their iPhone or Android phone is the most convenient option - see the video clip (duration 00:42) Changing the default method for more help.

Step 25 - Click on the Change link against the Default sign-in method, as per the image below. In this example, the current default method is Microsoft Authenticator.

Screenprint - Security info - Change default method

Step 26 - In this case, we wish to change the default method to use SMS text. Use the drop down menu, as per the image below, to select the Phone - text method.

Screenprint - Change default method - select Phone - text

Step 27 - Click on the Confirm button to change the default, as per the image below.

Screenprint - Change default method to Phone text

You have now changed your default MFA method.

Now you have finished setting up, read the article on using Multi-factor Authentication.

Additional Information

If you have any questions regarding the content of this knowledge article, please log an Enquiry with the Service Desk, or call:

  • Corporate - (03) 9637 3333
  • Schools - 1800 641 943

If you have any suggestions as to how to improve this knowledge article, please use the comment section below to give feedback.