Multi-Factor Authentication (MFA) Guide for Defence 365

This guide outlines the multifactor authentication (MFA) options available for Defence 365 (D365).

If you plan to use your unmanaged/personal device to access D365, please refer to the guide linked in #1.

• Set up MFA on an unmanaged/personal mobile device
• Set up MFA on an SSC/DND managed device
• Set up the National Baseline Integration Services MFA application
• Set up a phone call MFA

This guide also explains how to change or remove authentication methods.

Set up MFA on an unmanaged/personal mobile device

To set up multi-factor authentication (MFA) on your unmanaged/personal mobile device, you'll need to

1. Enroll your device in Intune Company Portal,
2. Set up Microsoft Authenticator app
3. Enable passwordless sign-in.

These steps can be completed on your unmanaged/personal iOS or Android device.

• iOS User Guide
• Android User Guide

Set up MFA on an SSC/DND managed device

Follow the specific sections of the user guides below to set up MFA on your SSC/DND managed device.

• iOS:
  • Set up Microsoft Authenticator app
  • Enable passwordless sign-in
• Android:
  • Set up Microsoft Authenticator app
  • Enable passwordless sign-in

Important: you do NOT need to set up Intune company portal on an SSC/DND managed device.

Set up the National Baseline Integration Services (NBIS) MFA application

The NBIS MFA app is available as an authentication method for individuals who prefer not to use an unmanaged/personal device, or a phone call, for their authentication method.

1. On your DWAN managed device, open the Software Centre.
2. Search and download “NBIS MFA”.
3. Once the NBIS MFA app has downloaded, go to myaccount.microsoft.com.
4. Under “Security info” select “Update info”.
5. Select “Add sign-in method”.
6. From the drop-down menu select “Authenticator app”.
7. Then click “Add”.
8. In the following pop-up select “I want to use a different authenticator app”.
9. Select “Next”.
10. Select “Can’t scan image”.
11. Open the NBIS MFA app.
12. Select “Add”.
13. Copy the name and the key from your browser and paste in the NBIS MFA app then press “OK”.
14. Return to the Microsoft sign in page and click “Next”, it will ask you to input a 6-digit code. Enter the code that is displayed in the NBIS MFA app.
15. You have successfully added the NBIS MFA app as an authentication method.

Important: If you have enabled passwordless sign-in on your account, you will need to switch to a different authentication method to use the NBIS MFA app.

To switch sign in methods from passwordless

1. Open a browser in incognito mode.
2. Visit myaccount.microsoft.com
3. sign-in using your ECN account.
4. When prompted to use your Microsoft Authenticator to sign-in select “Other ways to sign-in".
5. Then select “Use my password”.
6. Enter your ECN password.
7. You can now use your NBIS MFA to authenticate.

Set up a Phone Call MFA

Follow the steps below to configure a phone call as your authentication method.

1. On a computer, navigate to My Account (microsoft.com) (Accessible only on the National Defence network).
2. Under the Security Info heading, select "Update Info".
3. Select "Add sign-in method".
4. Select "Phone" from the dropdown menu. If using a phone with an extension select "Office Phone".
5. Enter your phone number and extension if applicable. Microsoft will call your phone. Listen for the prompt and press the "#" key.
6. Now whenever you are prompted to sign in and you don’t have access to your cell phone or your default method of authentication, you can select "Sign in another way" and the telephone option will be available.

How to Change the Default Authentication Method

1. Navigate to My Account (microsoft.com) (Accessible only on the National Defence network).
2. Under the Security Info heading, select "Update Info".
3. You will be asked to authenticate using the method set up during onboarding.
4. Once you reach the Security Info page, click "Change" beside Default sign-in method.
5. In the drop-down menu that appears, select the method you would like to make your default authentication method.
6. Click "Confirm".
7. Next to the Default sign-in method, you should now see the newly selected authentication method.

How to Remove an Authentication Method

1. Navigate to My Account (microsoft.com) (Accessible only on the National Defence network).
2. Under the Security Info heading, select "Update Info".
3. You will be asked to authenticate using the method set up during onboarding.
4. Once you reach the Security Info page, find the authentication method you would like to remove from the list.
5. Click "Delete" and then "OK" to confirm.
6. The authentication method should be removed from the list of sign-in methods.

Back to top