MFA Update - Security change to Microsoft Authentication App

On Friday (3^rd February 2023) we were made aware of important change to the way the Microsoft Authentication Application allows one to approve access to a Single Sign On service, including Nexus 365 email and Microsoft Teams.  

From Wednesday 22^nd February Microsoft will be implementing a significant alteration to the approval mechanism - moving from the ‘approve’  and ‘deny’ options to requesting a number to authenticate the request. This number will appear on the device requesting access to a service, and in turn needs to be entered on the device which approves access.

No prior warning of this was given, but a number of the team have managed to quickly establish early adoption status, and have been testing since Friday, and can confirm that although the change is different it is straightforward, and not one to be concerned about. Below are the steps in turn…

Step 1: Attempt to log in to University Single Sign On Service/System on device which needs access:

Step 2: Once SSO Username and Password have been successfully entered on the device which needs access a number will be displayed on the screen (as below)

 Step 3: The device which has the Microsoft Authentication Application installed will now pop up requesting the number be entered – please enter this number and once done select ‘Yes’, which will approve the authentication request

Thank you for taking the time to read this, and if you have any questions or concerns related to this please do not hesitate to get in touch via it@museums.ox.ac.uk .