Language selection

Government of Canada / Gouvernement du Canada

Search

Multi-Factor Authentication (MFA) Guide for Defence 365

On this page

Introduction

When you sign in to Defence 365 (D365) for the first time, you will be asked to set up a Multi-Factor Authentication (MFA) method to secure your account.

Multi-factor authentication (MFA) is a security feature that verifies your identity using two or more different verification factors when you sign in.

Logging in using your Defence 365 account credentials is one factor. MFA requires an additional factor, which you can set up using the instructions on this page.

MFA Methods

table for mfa method information
MFA Method When to use

Passwordless Sign in

(using Microsoft Authenticator)

Requires an iOS or Android mobile device. Can be set up on both unmanaged/personal and SSC/DND managed devices.

If using an unmanaged/personal device:

  • Use this method if you’re comfortable installing Microsoft Authenticator on your unmanaged/personal device
  • Note: setting up passwordless sign-in alone on your unmanaged/personal device does not give you full access to D365 on that device. For full access, follow onboarding instructions:

If using a managed SSC/DND device:

  • Use if you want to authenticate with an SSC/DND managed device.

MFA phone call

Use this method if you want to receive a phone call when authenticating to D365.

Please note that Microsoft Authenticator is the preferred MFA method.

Set up Passwordless Sign in (using Microsoft Authenticator)

The steps below apply for both unmanaged/personal and SSC/DND managed devices.

Note: If you are using an Android device, you must install the Company Portal app from your device’s app store before proceeding. Installation of this app is sufficient. Enrollment is not required.

  1. Search for and install the Microsoft Authenticator app from your device’s app store.
  2. On the initial screens, tap “Accept” and “Continue”.
  3. Tap “Add work or school account”
  4. Sign-in using either:
    • your D365 account and a Temporary Access Pass (TAP), or
    • your D365 account and password plus phone call authentication method.
  5. On the next screen, tap “Continue”.
  6. A pop up will ask if Authenticator can send you notifications, select “Allow”.
  7. Your account should be added, tap “Done”.
    • If you receive an error that says your device cannot be registered, check your device limit and ensure you have less than 5 devices registered. To check your current devices, visit the MyInfo Portal (DWAN) (Accessible only on the National Defence network) and on the Devices tile, select “Remove registered devices” to view and remove any devices as necessary.
  8. Tap your Defence 365 (ECN) email address (firstname.lastname@ecn.forces.gc.ca)
  9. Tap “Set up passwordless sign-in requests” or “Enable Phone Sign In”
  10. Tap “Continue”.
  11. Enter your Defence 365 (ECN) password and tap “Sign in”.
  12. Approve the sign-in request by entering the matching number on your Microsoft Authenticator app and tapping “Yes”.
  13. Tap “Register” to complete the passwordless setup.

Set up a Phone Call MFA

Follow the steps below to configure a phone call as your authentication method.

  1. On a computer, navigate to My Account (microsoft.com).
  2. Under the Security Info heading, select "Update Info".
  3. Select "Add sign-in method".
  4. Select "Phone" from the dropdown menu. If using a phone with an extension select "Office Phone".
  5. Enter your phone number and extension if applicable. Microsoft will call your phone. Listen for the prompt and press the "#" key.
  6. Now whenever you are prompted to sign in and you don’t have access to your cell phone or your default method of authentication, you can select "Sign in another way" and the telephone option will be available.

Change Your Default Authentication Method

  1. Navigate to My Account (microsoft.com).
  2. Under the Security Info heading, select "Update Info".
  3. You will be asked to authenticate using the method set up during onboarding.
  4. Once you reach the Security Info page, click "Change" beside Default sign-in method.
  5. In the drop-down menu that appears, select the method you would like to make your default authentication method.
  6. Click "Confirm".
  7. Next to the Default sign-in method, you should now see the newly selected authentication method.

Remove an Authentication Method

  1. Navigate to My Account (microsoft.com).
  2. Under the Security Info heading, select "Update Info".
  3. You will be asked to authenticate using the method set up during onboarding.
  4. Once you reach the Security Info page, find the authentication method you would like to remove from the list.
  5. Click "Delete" and then "OK" to confirm.
  6. The authentication method should be removed from the list of sign-in methods.

Back to top

Page details

2025-11-07