Frequently Asked Questions
Frequently Asked Questions
We are enhancing the security of University of Calgary e-mail to a wide audience, so it's only natural to wonder how this impacts your work. It's our pleasure to provide you with the information you need.
Multi-factor authentication (MFA) is a method of authentication that requires more than one verification to access your email account and adds a critical second layer of security to user sign-ins. It works by requiring any two or more of the following verification methods:
- Your IT password
- A secondary authentication method (such as a trusted device like a mobile phone or desk phone.)
When using multi-factor authentication, you will periodically have to accept your sign-in attempt from a trusted source. You can set-up MFA using:
- A mobile app, either using push notification or generating a token code.
- Accept a call on your mobile phone.
- Receive a text to your mobile phone, with a token code.
- Accept a call to a desk phone (you also can set up a home phone.)
Be careful to only accept authentication requests when you are actively signing into your account (entering your password).
Multi-factor authentication is supported with the following email and calendar apps:
- Outlook 2016, 2019, and 365 for Windows and Mac
- Outlook for iPhone and iPad
- Outlook for Android phones and tablets
- Outlook Web Access
- Apple Mail and Calendar for iPhone (iOS 11 or later), iPad (iOS 11 or later, or iPadOS), and Mac (High Sierra or later) *
- Android Mail and GMail (Android 10 or later) *
- Mail for Windows 10
Other e-mail and calendar applications have not been tested to work once MFA is enabled. If your device does not support one of the above applications, consider using Outlook Web Access.
* Using non-outlook apps may require you to remove and re-add your account to enable MFA, depending on how you set your device up.
You are able to self-register for MFA. Please follow the activation instructions below:
You will periodically have to accept your sign-in attempt from a trusted source:
- A mobile app, either using push notification or generating a token code for offline use.
- Accept a call on your mobile phone.
- Receive a text to your mobile phone, with a token code.
- Accept a call to a desk phone (you also can set up a home phone.)
Instructions on how to use these methods of verification are available here:
How to Use Multi-Factor Authentication
These one-time app passwords are generated by Office 365 account security, and can be used in-place of your standard password within a mail application.
- The app password is how your account identifies the app is a safe source.
- Use one app password per app per device. You can create multiple app passwords for different apps.
- App passwords are meant to last, but may expire without notice. If necessary you can generate a new app password at any time.
- App passwords cannot be reused or retrieved.
- App passwords are meant to be difficult to remember and replicate.
Instructions on how to setup app passwords are available here:
Important: Support for older mail clients that use IMAP or POP3 is ending November 2020. This means all Office 365 users, including the University of Calgary must switch to supported mail clients before that date.
Yes! At any time you can change or add more verification methods. (e.g. Mobile app, mobile phone, text message, etc.)
Instructions on how to add or update MFA settings are available here:
How to update multi-factor authentication settings in Office 365
We encourage you to enable more than one method of verification, in the event that your default method fails for whatever the reason.
For example:
- You forget your phone at home
- You set up an Office phone, but you need to access your mail while travelling
- You are in an area of poor phone reception
If your default method fails for any reason, you will be able to click the Sign in another way link on the Approve sign in request window.
We recommend installing and using the Microsoft Authenticator mobile app, as it provides both online push notifications and offline token code options for sign-in, which is useful if you are travelling abroad without data. If you do not have a smartphone, then a call or text message to your mobile phone is the next best option.
The Microsoft Authenticator takes up very little space on your phone, cannot control your device, and you can choose to use the app without using your data plan.
The answer depends on how many apps and devices you use to access your Office 365 email and calendar. Generally, from your primary device (Outlook on work desktop or laptop) you can approve sign in for up to 30 days. If you sign in on another computer, or on the web, then you will be prompted for authorization again. Some applications may prompt you more often even from the same device.
If you receive approval requests for access to your Office 365 and you are not actively signing in (entering your password) then deny the access! If this occurs frequently, your account password may be compromised. In this case, reset your IT Account password online at password.ucalgary.ca or by calling UService at (403) 210-9300
Email clients which only use a username and password will not work with UCalgary email.
Simply put, the answer is "No". The Microsoft Authenticator app is not owned by the University, we are not granted any information from it, and the app is not able to collect information about the phone to send to Microsoft. It also does not have an MDM component, so it will not attempt to manage the phone.
Recovering MFA on a new phone depends on what options you set up:
Microsoft Authenticator app
The Microsoft Authenticator app has a backup and restore option. If you enabled backup on your previous phone, download the Authenticator again on your new phone and restore it. For instructions, see this Microsoft article.
You can enable the backup option on an old phone if you have not set this up yet and restore the Authenticator app on your new phone.
If you did not back up your previous phone's Authenticator app and no longer have access to it, then visit https://aka.ms/mfasetup. You may be prompted for the Authenticator app, select "I can't use my Microsoft Authenticator app right now" from the sign in request screen. Select one of your backup phone numbers and complete authentication. Follow the the Getting Started instructions to add a new Authenticator. Remove your old one from the list of options.
Without any backup phone numbers contact UService - IT by phone for assistance.
Phone number (voice call or text message)
If you no longer have access to the phone number you used for MFA authentication, you may update your phone number at https://aka.ms/mfasetup. You may be prompted for authentication, select "Having trouble? Sign in another way" from the sign in request screen. Select one of your backup options (such as another phone number or the Authenticator app) and complete authentication. Follow the the Getting Started instructions to add a differnet phone number or Authenticator app. Remove your old phone number from the list of options.
Without any backup phone numbers or a backup Authenticator app contact UService - IT by phone for assistance.
Important: We recommend backing up your Authenticator app (see here) and adding additional phone numbers to make recovery easier when changing phones.