Home | News | Multi Factor Authentication rollout to all staff

Multi Factor Authentication rollout to all staff

Security

The Trust will soon be rolling out the use of MFA (Multi Factor Authentication) to all staff. MFA adds an additional step in authenticating your Trust credentials when accessing Trust IT systems, providing a much-enhanced level of security. Many staff are already using this, but we need ALL staff enrolled to protect both you and the Trust.

MFA is only required when logging in from outside the Trust. It will not be necessary when logging in on a Trust issued device connected to the Trust network. (See examples below).

Most of you will be used to using MFA in many other aspects of your life such as online banking, utility billing, shopping, personal email accounts, etc). The Trust’s MFA solution will work in the same way.

We will be rolling MFA out gradually; When you log on a message will appear asking you to enrol for MFA, you will be able to cancel this for up to 14 days to avoid situations where you need to access IT resources urgently; but after 14 days you will have to enrol to be able to logon in the scenarios outlined below

Simply follow the steps on screen to set up your MFA. Please note, if you have already enrolled in MFA, you will not receive the enrolment message.

You need to register for MFA and select a secondary method(s) of authentication. This can be the Microsoft Authenticator app (free to download and the preferred solution), your mobile number to send a code to or an alternative email address to send a code to.

We have created some short videos which show you how to:

  1. The features of EEAST’s Webmail web page
  2. How to enrol for self service

When MFA is required (as below), once you have entered your username and password, a screen will pop up prompting you for your chosen method of MFA. Simply follow the on-screen instructions to authenticate your logon and you will be given access to the chosen resource.

Please note that you will only need to do this for each session, once authenticated via MFA you will be able to connect to numerous systems (email, Teams, OneDrive, etc) without the need to re authenticate. You will only need to re-authenticate after you close that session and open another one.

You WILL NOT be required to use MFA when:

Logging in on a Trust issued computer on a Trust site

Logging in on a Trust laptop with remote access enabled and connected when working remotely

Logging in using your Trust issued iPad when connected to the Trust network (i.e., on station, at a hospital where Trust Wi-Fi is available, or when connected via the Trust’s APN)

You WILL be required to use MFA when:

Connecting using a personal device via a web browser (i.e., a personal computer or tablet at home or a personal mobile phone not registered on the Trust’s MDM solution)

Logging in using your Trust issued iPad when NOT connected to the Trust network (i.e., at home)

- IT Service Desk

Published 30th January 2023