Set up your Microsoft 365 sign-in for multi-factor authentication (MFA)
By setting up MFA, you add an extra layer of security to your Microsoft 365 account sign-in. For example, you first specify your password and, when prompted, you also type a dynamically generated verification code provided by an authenticator app or sent to your phone.
If you choose to use an authenticator app, here is our video on setting up Authy. Authy can be used as an app on your phone, desktop computer, or tablet: https://www.youtube.com/watch?v=knlVwQZofUA
Before CTS enables MFA on your account, please make sure you have a means to receive the verification code. You will need either a cell phone that can receive calls or SMS texts, a desk phone, or an Authenticator App. It is important to remember that you will be asked to re-authenticate with MFA from time to time, so it is critical that you have your 2nd verification method nearby when this happens. In most cases a cell phone is the optimal device for this purpose.
Once CTS enables MFA on your account, they will ask you to log out of any active Microsoft Online sessions you will then need to follow the steps below to complete your MFA set up. It is very important that once you start this process that you complete it all the way through to the end. Failure to do so might leave your account in a state where you cannot access it and you will need to contact the IT Service Desk for further assistance.
- Sign into Microsoft 365 with your work or school account with your password like you normally do. After you choose Sign in, you'll be prompted for more information.
- Choose Next.
- Choose your default authentication method. There are three options: Authentication phone, Office phone, and Mobile app (Microsoft Authenticator app). Select Next and follow the prompts to add this account.
- Once you complete the instructions to specify your additional verification method, the next time you sign into Microsoft 365, you'll be prompted to provide the additional verification information or action, such as typing the verification code provided by your authenticator app or sent to you by text message.
- The final step. If you are using the Desktop or Mobile apps of MS Teams and Outlook, you will be prompted to reauthenticate for each app. CTS suggests that when authenticating, to choose the option to “Don’t ask again for 14 days” when you are using a campus owned device or a device you trust.
Q. What is MFA?
A. Multi-Factor Authentication, sometimes used interchangeably with Two-Factor Authentication (2FA), uses an additional layer of security when you login to a service. MFA relies on two forms of authentication: your standard CCA password and a second method of authentication. The second item is typically something you have with or near you: your office phone, or an authenticator application on your mobile device such as Microsoft Authenticator, or via your cell phone receiving a text message which is the most common method.
Q. Who is currently enrolled by MFA?
A. All College faculty and staff are being on-boarded to use MFA beginning in March 2021. Watch your campus E-mail for more information. Additionally, anyone's account that has been compromised in any way has already been enrolled in MFA during the reset process.
Q. Why are we requiring people to use MFA?
A. We are required to use MFA by new SUNY security guidelines. Our systems are under constant attack. The most common are password attacks where attackers send thousands of logins using usernames and passwords harvested from the web to phishing attacks where attackers attempt to get your username and password. MFA stops all these attacks.
Q. What applications/systems are currently protected with MFA?
A. Currently Office 365 has MFA enabled.
Q. How often do I have to re-authenticate?
A. When you authenticate with MFA there is an option that can be clicked for it to last 14 days. This setting is per-device, application, and web browser. So, for example, your computer and your phone will each have their own 14 day window with the applications where you will not be asked to authenticate again. If you also use O365 on either of those devices with a web browser, it also will have its own independent 14 day window between authentication requests.
Q. How do I enroll in MFA if I'm a student?
A. If you wish to activate MFA for your account send an email to firstname.lastname@example.org and you will receive instructions.
Q. I don't have access to anything important why do I have to use MFA?
A. You may not think you have access to any information worth protecting, but all our faculty/staff have access to some secure information of one kind or another, from your W-2 (which an attacker could use to commit fraud and receive your tax return) to student health data, FERPA protected student data, or college financial data. If your account is compromised, it also could be used to trick other campus members into responding to a phishing email which would allow an attacker to more easily access systems or compromise of users that do have access to the data they are looking for.
Q. How do I change my authentication method?
A. Email or call the IT Service Desk at email@example.com / x4444.
Multiple Web Browser Tabs: If you are using MS365 on the web and have multiple tabs open (e.g. Outlook, Teams, and OneDrive) it may prompt you with three different verification codes. Trying to figure out which code goes to which web app can be confusing. We suggest you click the “refresh” button one of the web app pages and it should send you another verification code. Once you authenticate into one web app page, all you need to do is refresh the other pages and they should load without prompting for another verification.
SMS Authentication Codes: Text message authentication codes sent to cell phone expire after 3 minutes. You should be ready to enter the code when you receive it or be prepared to login again and receive another.
If you experience any issues and need help getting things configured, please contact firstname.lastname@example.org.