Setting up Multi-Factor Authentication with Office 365

Introduction

 

http://www.stcloudstate.edu/its/_files/images/rightnow/office365/mfa/o365mfa.png



 

What is a Multi-Factor Authentication (MFA)?

MFA is defined as a process that requires more than one method of authentication from independent sources to verify the user’s identity. In other words, a person wishing to use the system is given access only after providing two or more pieces of information which uniquely identifies that person. These types of information are usually a combination of two of the below:

  • Validation of your password
  • Utilizing your mobile phone via text or Authenticator App
  • Biometrics such as fingerprint, iris or face recognition

A common method for MFA is that you are sent an access code to your mobile phone that you enter or receive a notification that you approve through a mobile application, along with your usual username and password. The idea of MFA is to keep multiple layers of protection, making it difficult for a hacker to gain access to your account.


 

http://www.stcloudstate.edu/its/_files/images/rightnow/office365/mfa/mfalogo.png


 

Why use Multi-Factor Authentication?

Today many businesses and large companies are using Multi-Factor Authentication (MFA) for an extra security boost as an alternative to using the sometimes-unsafe passwords alone. MFA should be used whenever possible, especially when it comes to your most sensitive data—like your primary email, financial accounts, and health records. In fact, many places are starting to require MFA (not just a password) as a standard for anyone to access the system or service.

 

What is Office 365 Multi-Factor Authentication (MFA)?

Protecting the sensitive data organizations store in Office 365 comes down to preventing various attacks designed to gain access to the data and the account itself. Office 365 MFA is critically important to limiting unlawful access to your data.

In order to better protect you, your data, and our campus network from security threats, Saint Cloud State University will soon implement Multi Factor Authentication (MFA) for Office 365. Once enabled, you must also use another verification method along with your username and password. This adds another layer of security and significantly reduces security threats and account compromises.

 

What things will this impact?

This will impact authentication for ALL Office 365 applications including, but not limited to:

  • Outlook
  • One-Drive
  • Power Automate (formerly Flow)
  • Teams
  • Word
  • OneNote
  • Any items in the Waffle area… (image below)


 

http://www.stcloudstate.edu/its/_files/images/rightnow/office365/mfa/waffle.png

 

Instructions

 

Office365's MFA Options

There are a variety of authentication options that can be chosen for Office 365, ranging from a push notification to a smartphone, a verification phone call, to a code sent by text message. It is highly recommend to set up multiple authentication options so that no matter what situation you find yourself in, you are still able to access your Office 365 account.

 

Option 1: Smartphone Notification App

This is the easiest option and recommended method for your Office 365 MFA. After you download and configure the Microsoft Authenticator app, your phone will prompt you at login to approve the login request. After you select approve on your phone you will be logged in.

This method does require a smartphone and downloading and app, also be sure to configure other options as a backup in case your phone is lost or damaged.

 

Option 2: Smartphone Code Generating App

The Microsoft Authenticator app or other apps like Google Authenticator or Duo Security, can also be used for another form of authentication. This method generates a 6-digit code in the app that you will simply enter in Office 365 after you enter your username and password.

This method does not require any data which means even if you are out of country with no cellular data or Wi-Fi you can still access to your account.

 

Option 3: Cell Phone Text

The next option is text message verification. After you type in your credentials to your account, it will ask permission to send a text message to your phone. After you click “Send”, you will receive a 6-digit code via text on your cell phone. Next you must enter this code into the field now located on the login window of your computer and you will be logged in.

This method works for those without smartphones. There is no extra configuration required when you upgrade or replace your cell phone as long as your phone number stays the same.

 

Option 4: Call My Phone

This option allows you to verify via a phone call. Whenever you login, you will get an automated phone call asking you to approve the login. This method can be used with a personal phone, an office phone, or alternative phone you have access to, no extra configuration will be necessarily upon upgrading or replacing a phone so long as your phone number stays the same.

It is important to note that using an office phone as the only verification method will disallow you from accessing your account when you do not have access to that phone. Also, if you intend on using an office for for verification, please make certain that this is not a shared office phone.

 

Option 5: Other Options

If you are unable to use the above options, please Contact HuskyTech for available methods (e.g. physical tokens or fobs).

 


 

Office365 MFA Setup Process

1. From any computer, navigate to https://minnstate.edu/MFA and log in.

***In order to keep these instructions on your screen during the setup, it is suggested that you right-click the link above and select "Open In New Tab" so  that you are able to follow along with the instructions as you continue to enable MFA.

From here, You may be prompted to sign into Azure AD as well, if so use the same credentials as below.

  • Students: [StarID]@go.minnstate.edu
  • Faculty/Staff: [StarID]@minnstate.edu

 

2. Once signed, in click on the “Setup MFA Verification Options” button in the power app.


 

http://www.stcloudstate.edu/its/_files/images/rightnow/office365/mfa/1a1.png

 

3. Now, click on the first dropdown and select which secondary device you would like to use for multi-factor authentication.

  • Mobile (Authenticator) App: This will use the Microsoft authenticator App to secure your account.
  • Authentication phone: This will verify through an automated phone call or text.
  • Office Phone: This will verify through your office phone.

 

http://www.stcloudstate.edu/its/_files/images/rightnow/office365/mfa/2.png

 

4. Please complete one or more of the options below to complete setup.

  1. Mobile (Authenticator) App
  • Authenticator Application Installation Instructions for Android and iPhone are provided in the articles linked below.

Android Authenticator App Installation Process 

iPhone Authenticator App Installation Process 

  1. Authentication Phone
  • From the first drop down select “Authentication Phone” and then type in the phone number you would like to use along with the country code of your phone number.
  • Next, choose whether you would like to verify through call or text. Click “Next” and you will receive a call or text with instructions on how to complete the process.

http://www.stcloudstate.edu/its/_files/images/rightnow/office365/mfa/3.png

  1. Office Phone
  • From the first drop down select “Office Phone” and then type in the phone number and extension along with the country code of your phone number.
  • Click “Next” and you will receive a call with instructions on how to complete the process.
    • Again, Please do not use the office phone option if the same line is shared with any other co-workers.


 

http://www.stcloudstate.edu/its/_files/images/rightnow/office365/mfa/4.png



 

5. Once all your verification methods are configured

  • Return to the power app (Power App Link). Click the “Enable MFA” button to activate MFA for your Office 365 account. After a few minutes you should see your Office Apps prompting for you to re-authenticate. If you experience any issues please reach out to HuskyTech for support.


 

http://www.stcloudstate.edu/its/_files/images/rightnow/office365/mfa/1a1.png

 

NOTE

  • If you use Navigate (EAB) you will need to re-sync your calendar after enabling MFA. For instructions on how to do this, please refer to the Navigate Outlook Calendar Resync article.

 

  • You may experience issues with your Email Application on your mobile devices upon enabling MFA. In which case, you will need to remove your account from the application and then re-add it. The removal links below will guide you through this process.
  • While you are on either page, there will be a section on the right titled 'Related Articles" where you can find links on how to re-add your email account to your mobile application.

 

For more information and a list of frequently asked questions go to:  Office 365 MFA Frequently Asked Questions(FAQ)