To ensure security of our accounts, you will know that you are challenged for authentication when you try to use email or other O365 services outside the TUI network. This may happen once every 14 days or more often depending on security settings.
Please be aware that authentication and services are likely to work better with Microsoft clients than native IOS/Android clients or browsers. If you experience any issues, we advise you switch to MS Outlook and similar.
Before activation, you can pre-register your sign-in MFA methods on My Profile website. Log in with your tuiad credentials and then choose Security Info.
In case you already had an office phone number configured from HR systems, it will be preregistered, but in any case, it will be necessary to enable the two-step verification method with it. If the phone number shown is not correct, you can update it from here.
We recommend you to configure at least 2 different authentication methods, in order to be able to access your account in case your primary recover method is not available.
Click on + Add method, select the desired method and follow the prompts.
Please be aware this is a pre-registration and you will only be challenged to use MFA when policies have been applied to your account.
Alternatively, if MFA has been enabled for your account, but you haven't preregistered any sign-in method yet, you will be challenged to setup MFA when you connect off the TUI network to O365 services, like O365 portal (e.g. on your mobile, working from home without VPN, etc...)
1. Login with you TUI email address and usual network password
2. You may get a message of 'no certificates found', you can cancel this.
3. Follow the prompts, adding your mobile phone number and entering the verification code received by text. Make sure the airplane mode is not activated on the phone or the text code notification won't be received.
4. A secondary method will be required. You can either enter your personal email address or use security questions (select 'I want to use a different method'). Follow the prompts to complete the setup. If you select the 'security questions' method, make sure the answers are not easy to guess by others.
When using services in future you will be challenged for an authentication code wen accessing O365 outside the TUI network. which will arrive by Text on your mobile.
To make things easier you can immediately continue to the Authenticator app setup...
The easiest way to authenticate is to use the mobile app which can simply generate an approve/reject prompt every time you need to authenticate, thus removing the need to enter codes, wait for texts or phone calls...
You need both the mobile you intend to use, and a computer / iPAD to easily complete this setup
1. On your mobile, search for and install Microsoft Authenticator from the app store
2. On your computer access Security Info
3. Select +Add method.
Choose Authenticator app from the drop-down
Follow the prompts until a QR code is shown.
4. On your mobile, open the Microsoft Authenticator app. On the Accounts screen select Add account, then select Work or school account.
5. Follow the prompts until the QR code is requested, then use your device's camera to scan the QR code from the webpage on your computer. If login is requested, use your TUI email address and normal network password
Approve the notification received on your mobile app.
A Notification approved message will appear on your screen computer.
6. Complete the setup on phone and computer following the prompts.
7. Back on your computer, on the Security info screen select Change on the Default sign-in method. From the drop-down select Microsoft Authenticator - notification and confirm your choice.
8. Access codes are shown in the app, but the app will generate a pop-up notification for approval on your mobile whenever an authentication challenge is encountered on any device you use to access your O365 account.
If you are enrolling an iPAD type on the mail app and configure your account. If your iPAD was already enrolled, the 'More information required' screen will pop up when you try to access to any O365 application outside TUI network.
Follow the prompts, adding your mobile phone number and entering the verification code received by text. Make sure the airplane mode is not activated on the phone or the text code notification won't be received.
A secondary method will be required. You can either enter your personal email address or use security questions (select 'I want to use a different method'). Follow the prompts to complete the setup. If you select the 'security questions' method, make sure the answers are not easy to guess by others.
Click 'Done' button and you'll get access to your mailbox account.
If your phone number you see when setting up the MFA is not your current one and you want to change it please go to this link. If there is an issue with MFA you can open a ticket.
Make sure the airplane mode is not activated on the phone / iPad. Also, third-party security apps may also block the verification code text message or phone call. If using a third-party security app, try disabling the protection, then request another MFA verification code be sent.
If the steps above don't work, try to set up a different verification method on the Security Info screen.
On your browser, navigate to Security Info and select +Add method
On your browser, navigate to Security Info, click on 'Change' and select the new method. Be aware you'll need to add a new method first in case is not listed.
If you have left/lose your mobile device and you can't use it to verify who you are, if you previously added another method to sign in to your account, such as your office phone, you should be able to use that method now. If you never added an additional verification method or your device has been lost or stolen, you'll have to contact MyServicedesk to get access again. MFA can only be reset by an O365 administrator.
In the meantime, you can work directly of a TUI managed laptop or desktop until the issue is resolved.
Please be aware it will be mandatory to verify that the colleague is who claim to be providing their employee ID (it can be found on your employee slip document) or it will need to be requested by the user's line manager.
If you don't see the Sign in another way link, it means that you haven't set up any other verification methods. Please contact MyServicedesk.
Challenges for authentication can be received on a 14-day cycle but are linked to the device and app used. There will be a challenge per app on each device. Make sure the 'Don't ask again for 14 days' check box is selected before log in.
You might find it more difficult to use a mobile device-related verification method, while you're in an international location. If you travel outside your home country to another EU country, you don't have to pay any additional charges to use your mobile phone. This is known as 'roaming'. Your calls (to mobile and fixed phones), text messages (SMS) and data services will be charged at domestic rates, i.e. the same price as calls, texts and data within your home country.The same rule also applies to any calls or text messages you receive while you're abroad even if the person calling you is using a different service provider.
The cost of roaming outside the EU can be expensive. To avoid running up steep bills, check the cost for roaming outside the EU with your provider before travelling. To avoid extra roaming charges, we recommend you use the SMS authentication option instead of the Microsoft Authenticator App.
To avoid the app drain your mobile battery, make sure the Battery optimization is turned on in your Settings of Microsoft Authentication application. If no, we suggest you turn on by clicking on Go to Settings to turn on> Authenticator> Optimize.
In case the issue is not fixed, reinstall the app.