As part of the ongoing Security Remediation project, we are in the final stage of fully securing our Microsoft 365 services with Multi-Factor Authentication (MFA).

To complete this work, Digital and Technology Services plan to make MFA a requirement for all Guest accounts who access data within the UK University of Nottingham Microsoft 365 service.

Who is a guest?

A Guest is defined as an external account (anything other than @nottingham.ac.uk) where data within 365 has been shared. This could be a file, folder or invite to a Teams / SharePoint site.

The University of Nottingham, China and Malaysia accounts are also classed as Guests, anyone with an @nottingham.edu.cn/my email.

When is this change due to take place?

DTS are aiming to make this change within the next few weeks. Once enabled, all guests will need to set up MFA when prompted and provide approval to gain access to information shared within Microsoft 365.

All guest accounts will be emailed to inform them of the upcoming MFA security requirement.

What is the process for guests?

When guests go to access shared data, they will get a Microsoft prompt asking for more security information. From here the user will need to set up MFA as instructed.

We will provide instructions to all guests via the DTS website on how to set up MFA.

Please support your collaborators with this essential process, to help ensure data is shared and accessed securely.