What is multifactor authentication (MFA)?
Multi-factor authentication is a critical security requirement in which users are prompted during the sign-in process for an additional form of identification, such as a code on their cellphone.
If you only use a password to login, it leaves you more open to a hacker attack. If the password is weak or has been exposed elsewhere, an attacker could be using it to gain access. When you require a second form of authentication, security is significantly increased because this additional factor isn't something that's easy for an attacker to obtain or duplicate.
Multi-Factor Authentication works by requiring two or more of the following authentication methods:
- Something you know, typically a password.
- Something you have, such as a trusted device that's not easily duplicated, like a phone or security key.
- Something you are - biometrics like a fingerprint or face scan.
The available multi-factor authentication options include the Microsoft Authenticator mobile app (our preferred and most secure standard), SMS text, or if required a physical FIDO2 security key for an additional fee.
Why use multifactor authentication (MFA)? Watch this video from Microsoft https://www.youtube.com/watch?v=LB2yj4HSptc
MFA at this time is currently optional, although we are quickly moving toward this as a mandatory standard for all users to ensure we are protected, and so we highly recommend that you self onboard to Multi-Factor authentication in preparation (prior to our upcoming deadline where this will be required 'on next login').
To self-onboard to MFA simply follow this step by step, or watch this video walkthrough: https://www.youtube.com/watch?v=Q8OzabuNwHI
1. Login to https://aka.ms/mfasetup
2. When prompted for "More information required" - click Next
3. To use the Microsoft Authenticator app follow the presented instructions on the screen to download the App on your smart phone - click Next
4. To use SMS Text as an MFA method click "I want to set up a different method' - choose Phone - click Confirm - enter your phone number and choose either "Text me a code" or "Call me". Enter the one-time verification code to finalize the setup.
5. To finalize the Microsoft Authenticator App setup - click Next again - you will be presented with a QR code on the screen
6. Launch your Microsoft Authenticator App on your smart phone - click the + symbol in the top right - choose Work or School account - Click "Scan QR Code" - Scan the QR code with your phone.
7. A rotating code will now be displayed on your MS Authenticator App - click Next on the screen
8. Click Next & Approve the prompt from your Mobile Phone (or type in the rotating code as needed) - click Next - click Done on the computer screen to finalize the setup.
9. You will be prompted to login with your email, password & MFA to validate you are now setup.
10. You are now setup with Multi-Factor authentication and much more secure!
(optionally you can add additional MFA methods as backup methods if the primary method is not available)
To setup alternate MFA verification options;
1. Login to https://aka.ms/mfasetup
2. Click Add method
3. Select an alternate MFA verification method & follow the prompts to setup as per above
*Note: Email cannot be used as an MFA method, it is only used as a verification option if using self service password recovery. Validate MFA methods are Authenticator app, Phone or Security key.
To set a default MFA sign-in option;
1. Once logged into to the MFA site above
2. Click "Default sign-in method" - click Change
3. Select the preferred primary MFA option
(while other options are available for use as optional alternate forms)
Important Note: If you do not have your multi-factor authentication device and require to login, simply contact us directly for assistance at;
IT Excellence Team