Phishing attacks are on the rise and many people have had their accounts compromised. This causes the individual stress and delays as the University take steps to suspend any compromised accounts, which causes a large amount of work for the Servicedesk and support teams.
With this in mind the University has enabled Multi-factor Authentication. This means that when accessing office365 outside of the University network you will be required to confirm who you are after you login either via a text message verification code or through Microsoft's Authenticator app. This way, even if your account does become compromised and your password has been taken they will be unable to login.
This can be setup here: https://aka.ms/MFASetup
We have created a short video on how to set this up: