MFA (multi-factor authentication)

1 What is MFA and why do we use it?
2 How to configure MFA?
3 Confirm MFA each time?
4 I’ve lost my smartphone, now what?
5 I have a new smartphone
6 I only have a regular cell phone
7 Change MFA method
8 Using other authenticator apps?
9 Using hardware tokens?

Quick to…

→ MFA configuration (add or delete MFA methods)

→ Password reset (you forgot your password)

→ Password change (you know your password, but want to change it)

What is MFA and why do we use it?

To securely log in to our systems at AP, we utilize multi-factor authentication (MFA). In this process, you not only need your password (something you know) but also a second step to confirm your login (something you have, like an app on your smartphone).

We recommend the free app “Microsoft Authenticator” as an MFA authentication method

Each time when you use an application or device for the first time since the activation, you have to confirm your identity using “Microsoft Authenticator” on your mobile phone. Your status will remain active for 60 days.

Do you have any questions, comments or need for technical support, don’t hesitate to contact the ICT servicedesk. We will make sure to assist you properly.

Thank you for your cooperation in making AP a secure environment!

Attention: MFA is obligatory for all students and employees

How to configure MFA?

On your computer, go to https://aka.ms/mfasetup and use your AP account to logon (s-/p-number@ap.be). After confirming your password, you will be requested to provide additional information. Click on Next
On the next screen you are requested to install the Microsoft Authenticator app on your smartphone. This app is available on Android (using the Google Play Store) or for Apple iOS (using the App Store). Once you have installed the app on your smartphone, continue on your computer and click Next

After installing the app, you’ll be asked to add your account. Tap on “Work- or school account”. If not, you can easily start the process yourself by pressing the button “Add Account” or by the + icon, eg. In case you’re already using the app with other accounts.
As a result, your smartphone will open its camera or you are asked to scan a QR code. This QR code will be shown by the wizard on your computer. Tap on your smartphone on the option to scan the QR code.
On your computer, click Next.
Use your smartphones camera for scanning the QR code that is shown on your computer screen.
Should this operation fail, tap on ‘OR ENTER CODE MANUALLY’, shown on the bottom of the screen on your smartphone and click on ‘Unable to scan the code’ on your computer screen. This way, you can enter the code that is shown on your computer screen in the text box on your smartphone.

Click Next on your computer.
After clicking 'Next,' the activation status is checked. A number will appear on your computer. Subsequently, a notification will appear on your smartphone, which you need to accept, just like when you will be asked to use MFA in the future. Approve the request on your smartphone by entering the correct number and confirming. Once done, click 'Next' on your computer.

Click Next for completing the verification of the activation status.

Select the country of your cellphone and fill in your cellphone number in the textbox, leaving out the leading 0.
Continue by clicking Next
On your computer, enter the 6-digit code that you just received by text message and click Next to continue.
After correctly entering the digits and finalizing the wizard, the wizard will show that the registration was successful. Click Next
The final screen shows you an overview of the verification methods that you’ve just configured. The example below shows the methods that have been set up with this guide, Phone for your cellphone number and of course the Microsoft Authenticator-app. Click Done to finalize the registration.

Confirm MFA each time?

You log in once on each device where you use AP applications. Once logged in and confirmed to remember, your MFA access will be retained on a trusted device for 60 days. After 60 days, you will need to give permission again via MFA. You will see a number on your computer that you must confirm in the app on your smartphone.

I’ve lost my smartphone, now what?

As long as the trust period on a device has not expired, you can log in with your AP account on that device. However, we recommend immediately going to aka.ms/mysecurity and removing your lost smartphone from the registered sign-in methods. If you can no longer log in without your lost smartphone, contact the ICT servicedesk to reset your MFA registration.

I have a new smartphone

Follow the above guide on your new smartphone while having your old smartphone on hand. This way, you can first confirm your identity with your old smartphone and add the Microsoft Authenticator app to your new one. Then, remove your old smartphone as an authentication method via aka.ms/mysecurity to avoid notifications going to your old device.

I only have a regular cell phone

Visit the servicedesk on your campus and bring your phone with you. We will configure your account to use SMS authentication instead of the app.

Change MFA method

Go to aka.ms/mysecurity. On that page you can change your MFA method or add a new one.

Using other authenticator apps?

We recommend Microsoft Authenticator because it seamlessly integrates with our systems. However, if you prefer to use another app, that's also possible. Aegis or FreeOTP are good choices.

Using hardware tokens?

Yes, it is possible. However, be cautious: not all hardware tokens work in a Microsoft 365 environment. Make sure to gather information before making a purchase.