Multi-Factor Authentication (MFA) for Office 365 Services

Introduction

 

http://www.stcloudstate.edu/its/_files/images/rightnow/office365/mfa/o365mfa.png


 

What is a Multi-Factor Authentication (MFA)?

MFA is defined as a process that requires more than one method of authentication from independent sources to verify the user’s identity. In other words, a person wishing to use the system is given access only after providing two or more pieces of information which uniquely identifies that person. These types of information are usually a combination of two of the below:

  • Validation of your password
  • Utilizing your mobile phone via text or Authenticator App
  • Biometrics such as fingerprint, iris or face recognition

A common method for MFA is that you are sent an access code to your mobile phone that you enter or receive a notification that you approve through a mobile application, along with your usual username and password. The idea of MFA is to keep multiple layers of protection, making it difficult for a hacker to gain access to your account.


 

http://www.stcloudstate.edu/its/_files/images/rightnow/office365/mfa/mfalogo.png


 

Why use Multi-Factor Authentication?

Today many businesses and large companies are using Multi-Factor Authentication (MFA) for an extra security boost as an alternative to using the sometimes-unsafe passwords alone. MFA should be used whenever possible, especially when it comes to your most sensitive data—like your primary email, financial accounts, and health records. In fact, many places are starting to require MFA (not just a password) as a standard for anyone to access the system or service.

 

What is Office 365 Multi-Factor Authentication (MFA)?

Protecting the sensitive data organizations store in Office 365 comes down to preventing various attacks designed to gain access to the data and the account itself. Office 365 MFA is critically important to limiting unlawful access to your data.

In order to better protect you, your data, and our campus network from security threats, Saint Cloud State University requires Multi Factor Authentication (MFA) for Office 365. Once enabled, you must also use another verification method along with your username and password. This adds another layer of security and significantly reduces security threats and account compromises.

 

What things will this impact?

This will impact authentication for ALL Office 365 applications including, but not limited to:

  • Outlook
  • One-Drive
  • Power Automate (formerly Flow)
  • Teams
  • Word
  • OneNote

Applications listed here will also use or require Office365 MFA

 

What options do I have to complete Office 365 MFA?

There are a variety of authentication options that can be chosen for Office 365, ranging from a push notification to a smartphone, a verification phone call, to a code sent by text message. It is highly recommend to set up multiple authentication options so that no matter what situation you find yourself in, you are still able to access your Office 365 account.

 

Option 1: Microsoft Authenticator App

This is the easiest option and recommended method for your Office 365 MFA. After you download and configure the Microsoft Authenticator app, your phone will prompt you at login to approve the login request. After you select approve on your phone you will be logged in.

This method does require a smartphone and downloading and app, also be sure to configure other options as a backup in case your phone is lost or damaged. This method can also generate 6-digit codes to use when you are out of country or without cellular data or Wi-Fi. 

 

Option 2: Smartphone Code Generating App

Other apps like Google Authenticator or Duo Security can also be used as another form of authentication (any authenticator app supporting time-based one-time password (TOTP) standards). This method generates a 6-digit code in the app that you will simply enter in Office 365 after you enter your username and password.

This method does not require any data which means even if you are out of country with no cellular data or Wi-Fi you can still access to your account.

 

Option 3: Call My Phone

This option allows you to verify via a phone call. Whenever you login, you will get an automated phone call asking you to approve the login. This method can be used with a personal phone, an office phone, or alternative phone you have access to, no extra configuration will be necessarily upon upgrading or replacing a phone so long as your phone number stays the same.

It is important to note that using an office phone as the only verification method will disallow you from accessing your account when you do not have access to that phone. Also, if you intend on using an office for for verification, please make certain that this is not a shared office phone.

 

Option 4: Cell Phone Text

The next option is text message verification. After you type in your credentials to your account, it will ask permission to send a text message to your phone. After you click “Send”, you will receive a 6-digit code via text on your cell phone. Next you must enter this code into the field now located on the login window of your computer and you will be logged in.

This method works for those without smartphones. There is no extra configuration required when you upgrade or replace your cell phone as long as your phone number stays the same.

 

Option 5: Other Options

If you are unable to use the above options, please Contact HuskyTech for available methods (e.g. physical tokens or fobs).

To set up Office 365 MFA for your account, follow the instructions below:

  • If you are prompted to provide additional security verification before accessing Office 365, follow the New Account set-up.

For more information and a list of frequently asked questions go to:  Office 365 MFA Frequently Asked Questions(FAQ)

 

Submit a request for help

 

Details

Article ID: 118273
Created
Tue 10/13/20 4:07 PM
Modified
Fri 1/27/23 3:15 PM

Related Articles (8)

Becoming More Aware of Possible Phishing Attempts
How to stay ahead of potential Phishing and what to do if caught
How to Create a Strong Password
Tips on password creation
Microsoft Authenticator App Installation Process for Android
How to install the MFA Authenticator for Android
Microsoft Authenticator App Installation Process for iPhone
How to install the MFA Authenticator for iPhone
Safe Computing Practices & Tips
How to stay safe from scams/phishing, malware, viruses and more.
Setting Up Multi-Factor Authentication For Office 365
Multi-factor authentication enrollment instructions for users who are prompted to enroll into multi-factor authentication to access their Office 365 account.
Updating Multi-Factor Authentication Settings for Office 365
How to make changes to your Office 365 MFA verification methods.

Related Services / Offerings (2)

Report An Information Security Incident
Report an IT security issue or event such as phishing, virus, scams, suspected hacking of account, etc. For confidential matters, please submit a ticket for "Request IT Security Assistance for Confidential Matters".
Request IT Security Assistance for Confidential Matters
Request IT security assistance for confidential matters including but not limited to investigations, litigation, hold requests, compliance (HIPAA, PCI, etc.), requests for confidential information