Multi-Factor Authentication (MFA) provides an additional layer of security to your NHSmail account when signing in to NHSmail via a web browser. As a Local Administrator (LA) you will have MFA automatically enabled on your NHSmail account. You will continue to sign in to NHSmail with your username and password.
In addition to this, you will be required to authenticate your sign-on via a secondary method (for example, a text message code). This guide explains how to register for and sign in with MFA. MFA helps protect users by making it more difficult for someone else to sign in to their NHSmail account. It uses two different forms of identity: the user’s password, and a contact method.
Even if someone else finds the user’s password, they will be prevented from gaining access to the NHSmail account if they do not also have access to the user’s preferred contact method.
Once MFA has been enabled on your account, two-step verification will help keep your NHSmail account secure: a security code will be sent to your mobile phone or generated via the Microsoft Authenticator app every time you sign in.
Setting up Multi-Factor Authentication
Mobile App Method Enrolment
6. Once the app recognises the QR code it will generate a six-digit code (as shown below). This code expires in 30 seconds but a new one will be generated if it is not used in time.
8. After successful registration of your mobile app, you will receive acknowledgement that ‘mobile app has been configured for notifications and verification codes’. Select ‘Next’ as illustrated below.
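Why the code in step 6 changes every 30 seconds, as an added example (not part of the original guide, and not NHSmail or Microsoft code). It assumes the app follows the standard time-based one-time password algorithm (RFC 6238, HMAC-SHA-1) with the shared secret delivered in the QR code; the secret below is the published RFC test key, and the one-window drift tolerance is an illustrative choice, not a documented service setting.

```python
import hashlib
import hmac
import struct

STEP = 30      # seconds each code is valid for, as in step 6 above
DIGITS = 6     # length of the code shown by the app


def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """Return the RFC 6238 code (HMAC-SHA-1) for the time window containing unix_time."""
    counter = unix_time // step                      # constant for 30 s, then increments
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                          # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, unix_time: int, drift_windows: int = 1) -> bool:
    """Server-side check: accept the current window plus a few either side (assumed policy)."""
    for w in range(-drift_windows, drift_windows + 1):
        expected = totp(secret, unix_time + w * STEP)
        if hmac.compare_digest(expected, submitted):  # constant-time comparison
            return True
    return False


# Constructed sample input: the RFC 6238 test key, not a real account secret.
SAMPLE_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    now = 1111111109                                  # fixed timestamp from RFC 6238
    code = totp(SAMPLE_SECRET, now)
    print("code at t:", code)
    print("code one window later:", totp(SAMPLE_SECRET, now + STEP))
    print("accepted 30 s late:", verify(SAMPLE_SECRET, code, now + STEP))
    print("accepted 90 s late:", verify(SAMPLE_SECRET, code, now + 3 * STEP))
```

Because the code is derived only from the shared secret and the clock, the QR code shown during enrolment should be treated like a password, and the phone's clock must be roughly correct for codes to be accepted.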
Mobile App Method
Mobile App Method Verification
1. Enter phone details and choose whether to receive a text message with a verification code, or a phone call. This phone number is your preferred contact method, and is not linked to the number listed in your NHSmail Portal profile, i.e. it can be the same number, or you can opt for a different one.
2. Click on ‘Next’ to proceed with authentication. If you have chosen to receive a text, you will be redirected to a verification page – follow the prompt and enter the code. If ‘Call me’ is chosen instead, answer the call and follow the instructions to be verified.
1. Following setup, you will be directed to a screen with further information on your app password. Click ‘Finished’ once you have reviewed the information and password.
Changing authentication method after registration
This section of the guide provides information on how to change your authentication method, for example, if your mobile number or your preferences change.
1. Sign in to https://mysignins.microsoft.com/security-info to be able to change the authentication method.
Changing phone number or adding a secondary number
To change the primary phone number:
2. Select Next after entering the new phone number. If this is the number used for the preferred verification method, the new number will need to be verified before it can be saved (this will be via text message verification code or phone call). Enter the code you receive on the new phone number. The new phone number will then be verified.
This number is independent of the mobile number listed in your NHSmail Portal profile.
To add a secondary phone number:
1. On the ‘Security Info’ page, select ‘Add sign-in method’. Click the drop down and select ‘Alternate Phone’ and click Add. Enter a secondary phone number in the text box. Select Next and changes are complete.
Adding or switching to mobile app authentication
On the ‘Additional security verification’ page, check the box next to ‘Authenticator app’. Select Configure and follow the steps in the mobile app section of this guidance document.
2. After entering your login details, the authentication process will default to the verification method you selected. You can also choose a different authentication method if needed.
3. Open the Authenticator app to access the verification code, or have it sent to you via text message or phone call. Once you have entered the code or approved the sign-in attempt you will be logged in.