Multi-Factor Authentication

Setting up Multi-Factor Authentication

You need to register at least one authentication method (we recommend the Microsoft app).

Download the Microsoft Authenticator App:

Multi-Factor Authentication prompts

You will be prompted to set up MFA next time you authenticate to any Office 365 services.

On your PC or laptop device, once you've entered your username and password as usual, you'll see a 'More Information Required' screen:

  1. Click 'Next' and the 'Additional security verification' screen will appear.
  2. In the drop-down box, select 'Mobile App' and 'Receive notifications for verification'.
  3. Now click 'Set up' and scan the QR code on the Configure Mobile app screen.

On your mobile phone, start the Microsoft Authenticator App:

  1. Once in the App, click on the 3 dots in the top right-hand corner of the screen and choose 'Add account' > 'Work or school account'
  2. Select 'Scan a QR code' and Allow any permissions for your app to use the phone camera
  3. Scan the QR code on your screen using your phone. The account is now linked to your App.

On your PC, click 'Next' and you should see a message indicating that the App has been set up. You can click 'Next' again – at this point you will be asked to respond to a pop-up notification on your phone from the Authenticator App – this is how you will be prompted every time you access your account on an unknown device.

Once the setup is complete, you'll be prompted to enter a phone number. Please provide this: it will help if, for some reason, you lose access through the App. The phone number will not be used for marketing purposes.

Click 'Finish'. Your account is secured with Microsoft Multi-Factor Authentication. Nobody can access your Heriot-Watt account without being in possession of your username, password, and – most importantly – your unlocked mobile phone.

Additionally, you can register your mobile phone number to receive text codes or calls as an alternative method at

Settings and changes

Once configured, you can check your current settings and make changes.


What is MFA and why do I need it?

Multi-Factor Authentication (MFA) is a secure additional login process. It protects you and Heriot-Watt University from unauthorised access to your account, which may occur if you only use a username and password. You will receive a code to enter for authentication to use along with your username and password.

What do I do if I damage, change or lose my phone?

Please contact the Helpdesk for us to update your account details.

Why do I have to use my own device for MFA?

Using you own personal device is the most secure way to use MFA as only you have access to the device, and it is protected by a passcode.

Is Multi Factor Authentication mandatory for all accounts?

Yes, it is essential to ensure HWU systems can be accessed securely.

What do I do if I don't have a smartphone and cannot use the Authenticator app?

Please contact IShelp or email, phone 0131 451 4045

What do I do if I don’t have a mobile phone or device?

Please contact the Helpdesk or call +44 131 451 4045 for further information.

Does MFA access or save any details from my device?

No, it's just a way to receive the authentication code required in addition to your username and password to authenticate.

What do I do if I’m abroad and need to access HWU systems?

Please connect your device to the Wi-Fi service to use the authenticator app.

Why can I not login to email on my iPhone and iPad?

Please delete your account in mail settings and add it as a 365 or Exchange account.

Please visit the Helpdesk with any queries regarding MFA.