Skip to main content

2-Step for Office 365 (Heelmail)

To keep your email account safe, the University uses a security method called “2-Step Verification.” With this method, you verify that “you’re you” before you see certain sensitive information or access your Office 365 applications. You may verify by either using the Microsoft Authenticator Appphone call, or text a passcode.

 

Download and Install the Microsoft Authenticator App

The recommended method for 2-Step Verification is to use your smartphone or tablet with the Microsoft Authenticator app installed. The first step is to download and install the free Microsoft Authenticator app. Search for Microsoft Authenticator in your app store and follow the directions on your smartphone or tablet for installing the app.

 

Enrollment

Follow these steps to enroll for 2-Step for Office 365 (Heelmail). You only need to do this once.

  1. Go to onyen.unc.edu and click on 2-Step Verification for Office 365 (Heelmail).

2. Sign in with your Onyen or guest ID and password.

3. Choose the option to enroll then click on Enroll.

4. Once you have enrolled please follow the instruction under Register Your Device.

 

Register Your Device

When you first sign into an application (i.e. Office 365) that has 2-Step for Office 365 turned on, you will be prompted to set this up. Please follow the prompts carefully.

Depending on your choice, whether it is a phone call, texting you a code, or setting up the Microsoft Authenticator app (either code entry from the app or push notifications).  Whatever you choose Microsoft will set this as your default choice.  This can be changed at any time by accessing your Security Settings.

Setting up 2-Step for Office 365 for the first time:
  1. Go to office.unc.edu and at the UNC Login screen, you will see a Setup it up Now button.

2. On the next screen, you will be given a drop down to choose your default choice on how 2-Step for Office 365 will contact you.

  • Mobile App (recommended) – Here you can configure your mobile device. Please note only one mobile device may be configured at any given time.
    Decide how you want to verify your sign-in by choosing Receive notifications for verification or Use verification code (these options require you to have the Microsoft Authenticator installed, please see Install Microsoft Authenticator App toggle above).

    • Receive notifications for verification. This option pushes a notification to the Microsoft Authenticator app on your smartphone or tablet. View the notification and, if it is legitimate, select Authenticate in the app.
    • Use verification code. In this mode, the authenticator app generates a verification code that updates every 30 seconds. Enter the most current verification code in the sign-in interface.

  • Office Phone – This option will be pulled from the Business Phone number listed in the ConnectCarolina/UNC Directory. If your number is not listed correctly then please visit dir.unc.edu and update the business phone number.

  • Phone – You may enter your mobile device number or landline that can be called.
    • Send me a code by text message sends a text message containing a verification code. Following the prompt in the text, either reply to the text message or enter the verification code provided into the sign-in interface.
    • Call me places an automated voice call to the phone number you provide. Answer the call and press # on the phone keypad to authenticate.

3. Click Next, after choosing one of the above options.

4. Follow the on-screen steps.

5. Please read the Note below for optional steps.

Note:

  • The University recommends setting up an additional authentication method other than the default.  For example, if you set up the Microsoft Authenticator App as the default, setting up a landline (if one is available) would be great.  That way if you lose or forget your mobile device you will be able to authenticate. Please follow the instructions on Accessing or Changing 2-Step for Office 365 security settings to set up the additional method.
  • If you use Outlook 2013, or a Non-Microsoft email client whether is on a Mobile Device (iPhone/iPad or Android) or Computer (Mac or Win) you will need to set up an App Password for that client. Please follow the instructions on Create an App Password to use with Outlook 2013, Mobile Device Email apps (iPhone/iPad (iOS v10 or below) and Android), and Non-Microsoft Email Clients (Mac Mail and Thunderbird) below.

 

Accessing or Changing 2-Step for Office 365 Security Settings

  1. Login to office.unc.edu.
  2. Click on your user profile icon in the upper right corner.
  3. Click on “My account”.
  4. Click on “Security & privacy”.
  5. Click on “Update your phone numbers used for account security.”

  • On “what’s your preferred option?” Choose an option in the drop-down.
  • On “how would you like to respond?”:
    • Authentication Phone: This can be a mobile device number or any landline phone. Whatever number is entered is the number that will be the primary number used when calling.
    • Office Phone (optional, Employees Only): If this is checked you can use the option to verify with a secondary device.  I will use the number listed.  This number is what is set as your Business number in dir.unc.edu.
    • Alternate authentication phone (optional): This can be a mobile device (that can accept calls or text) or landline phone.
    • Authenticator App (optional, unless you choose to use the app): This is where you can configure the Microsoft Authenticator app.  Note:  In the case, you chose not to set it up the first time.

6. Click on Save when you are ready to save your changes.

Create an App Password

Microsoft’s recommendation is to create an App Password for each Non-Microsoft client used. You will need to use the password you create below instead of your onyen password to authenticate to the Non-Microsoft Client.
  • If you are running iOS version 11 the mail app is designed to work with 2-Step for Office 365. So setting up an App Password is not necessary.  You will need to remove and re-add your account to be able to authenticate Office 365 servers.
  • Please follow the instructions from Microsoft Set up email using the iOS Mail App.
  • In order to find your iOS version please visit Find the software version on iPhone, iPad, or iPod. If you are running an older version of iOS then please follow the instructions below.
How to Create an App Password:

Click this button Create App Password then skip to Step 7 below.

  1. If the above button does not work then please login to office.unc.edu.
  2. Click on your user profile icon in the upper right corner.
  3. Click on “My account”.
  4. Click “Security & privacy”.
  5. Click on “Update your phone numbers used for account security.
  6. Click on Create and manage app passwords.
  7. Click on Create.
  8. Enter a name for the password. Click Next.
  9. The password will show on the pop-up screen.  Click on Close when finished.

You will need to copy this password and keep it in a safe place in case you need to reuse it for you Non-Microsoft Clients. Otherwise, you can always go back in and create a new password. Please visit the Password Manager document for more information on recommended applications.

 

Understanding the 2-Step for Office 365 Push and Reporting Fraud

If you receive a push notification not in conjunction with a login you initiated, you can report it directly from your mobile phone app by selecting ‘Deny‘. If you accidentally approved a push notification or if you received an unexpected voice call from Microsoft, you should report these to the service desk immediately. In rare cases, this could be attempted abuse by someone with knowledge of your password.