91ÇàÇà²Ý

MFA FAQ - Frequently Asked Questions

How I sign in if I lose my phone?

• MFA is active when signing in from outside of Aalto workstation network. If you use VPN or sign in an Aalto workstation network you are not required to sign in with MFA, except when updating bank account details to Workday. If you do not recover your phone please send a ticket 91ÇàÇà²Ý IT Service Desk.

I have a new phone and can use the old one to verify my identity using the Microsoft authenticator app. How can I change it to my new phone?

1. Keep your old phone ready to receive the code from Authenticator
2. Go to 
3. Sign in with your Aalto email address
4. Approve (Authenticator asks the code sent to your old phone)
5. + Add sign-in method (your new phone)

6. Remove the old phone from the list

I have a new phone and can't use the old one to verify my identity using the Microsoft authenticator app. How can I reset that?

• Reset your MFA registration at the self-service portal:

  -> suomi.fi authentication -> start a new request -> application access -> MFA registration reset -> add to cart -> submit

  wait for 30 minutes, and then you can re-register to for the multifactor authentication service with these instructions: /en/services/aalto-multifactor-authentication-on-office-365-accounts

  Note: In rare occurrences, the authentication methods and their default options are set in a way that cannot be reset all at once. If, after waiting for 30 minutes, the re-registration steps still prompt for an MFA referring to any of your old authentication methods, please request the self-service reset again. Re-registration should then be possible after another 30 minutes.

  Note: For suomi.fi authentication you need Finnish online banking credentials. You can also visit IT Service Desk, where your identity is verified with an ID card with a photograph.

I deleted the Microsoft authenticator app from my phone. Now when I'm trying to re-download it, I'm not able to log into the authenticator app, nor am I able to log into any of my Microsoft software. How to proceed?

• Reset your MFA registration at the self-service portal:

  -> suomi.fi authentication -> start a new request -> application access -> MFA registration reset -> add to cart -> submit

  wait for 30 minutes, and then you can re-register to for the multifactor authentication service with these instructions: /en/services/aalto-multifactor-authentication-on-office-365-accounts

  Note: For suomi.fi authentication you need Finnish online banking credentials. You can also visit IT Service Desk, where your identity is verified with an ID card with a photograph.

Can I use multiple phones?

• Yes MFA supports the registration of multiple phones.

Is MFA signing required when I use Office 365 apps/browser with my mobile phone?

• Yes, mobile phone apps support also MFA.

Where my phone number or email address are stored when I register?

• They are stored in the Aalto tenant. The registration details are only visible to the Aalto Office 365 admins. 

Can I Opt-out from MFA?

• MFA was required for Office 365 services from spring 2021 and you can't opt-out.

Will the use of MFA grow?

Yes. University's whole VDI environment and VPN use on users' own devices will be protected by MFA in the near future. Possibilities to protect other services by MFA is examined.

What authentication methods can I use with MFA, i.e. Do I necessarily need a smartphone?

MFA is easiest to use via an app installed on your smartphone, but there are other options as well. You can also receive the verification code used to log in as a text message or via a robot call. If you cannot use a phone, you can also use hardware designed for this purpose (hardware token). An option that has been found to work is an Ubikey key, which works on the USB port of the terminal.