Middlebury

Difference between revisions of "Multi-Factor Authentication"

m (added details about support for iOS mail and Android mail)
Line 58: Line 58:
 
Upon completion of your MFA sign-up request, you will receive a “Middlebury Multi-Factor Authentication Enrollment” email. The enrollment email will include a link to Microsoft’s MFA Setup page (https://aka.ms/MFASetup).  Follow the instructions included in the link to enable MFA for your account.
 
Upon completion of your MFA sign-up request, you will receive a “Middlebury Multi-Factor Authentication Enrollment” email. The enrollment email will include a link to Microsoft’s MFA Setup page (https://aka.ms/MFASetup).  Follow the instructions included in the link to enable MFA for your account.
  
The following short video illustrates how to setup multi-factor authentication as well as how to configure “App Passwords”: [https://channel9.msdn.com/posts/Multi-Factor-Account-Setup How To Set Up Multi-Factor for Your Account].   
+
The following '''[https://channel9.msdn.com/posts/Multi-Factor-Account-Setup short video]''' illustrates how to setup multi-factor authentication as well as how to configure “App Passwords”: [https://channel9.msdn.com/posts/Multi-Factor-Account-Setup How To Set Up Multi-Factor for Your Account].   
  
 
App Passwords, required for certain email clients, are described in more detail below.
 
App Passwords, required for certain email clients, are described in more detail below.
  
=== App Passwords for Apple Mail, iOS Mail, Android E-mail, Thunderbird, etc. ===
+
=== '''App Passwords''' for Apple Mail, iOS Mail, Android E-mail, Thunderbird, etc. ===
 
Newer Microsoft Outlook clients and the Outlook mobile app have built-in support Multi-Factor Authentication.
 
Newer Microsoft Outlook clients and the Outlook mobile app have built-in support Multi-Factor Authentication.
  
Line 86: Line 86:
 
# Let us know you are ready for MFA to be enabled.
 
# Let us know you are ready for MFA to be enabled.
  
 +
It is recommended that you use one App Password per device.
  
 
'''You will also need to make sure that the server name in your account settings is changed to outlook.office365.com and is no longer mail.middlebury.edu.'''
 
'''You will also need to make sure that the server name in your account settings is changed to outlook.office365.com and is no longer mail.middlebury.edu.'''
  
 
*''Please see [https://azure.microsoft.com/en-us/documentation/articles/multi-factor-authentication-end-user-app-passwords/ What are App Passwords in Azure Multi-Factor Authentication?]' for more details.'
 
*''Please see [https://azure.microsoft.com/en-us/documentation/articles/multi-factor-authentication-end-user-app-passwords/ What are App Passwords in Azure Multi-Factor Authentication?]' for more details.'

Revision as of 13:42, 16 August 2016

Multi-Factor Authentication (MFA) helps protect your Middlebury Office 365 and Exchange Online (Email) account from potential compromise. MFA works by complementing your password, "something you know", with "something you have".

Signing up for Multi-Factor Authentication

If you would like to sign up for MFA, please submit a Web Help Desk ticket request that MFA be enabled for your account (Request Type: Information Security/Enable Multi-Factor Authentication).

Supported versions of Microsoft Office and Outlook

Never versions of Microsoft Outlook and Microsoft Office include built in support for Multi-Factor Authentication. We highly recommend upgrading to Microsoft Office 2016 before enrolling in MFA.

MFA will work with Outlook 2013 with a few minor tweaks to your Windows computer (one or two registry keys may have to be updated). The Help Desk team can assist with the necessary changes.

MFA will work with Outlook 2010 for Windows, but requires the use of an App Password (see below). The same is true for Outlook 2011 for Mac. App Passwords are required for these legacy Outlook clients.

MFA also works with Microsoft's Office 365 mobile applications, including Outlook for iOS and Outlook for Android.

Office client application Windows Mac OS X Windows Phone iOS Android
Office clients Available now for Office 2013* and Office 2016. Available now for Office 2016 Mac Available now Outlook, Word, Excel, and PowerPoint are available now. Android Phones: Word, Excel, and PowerPoint are available now.

Android Tablets: Word, Excel, and PowerPoint are coming soon.

Outlook Included in Office Client. Available now. Coming soon. Available now. Available now.
Native Apps iOS Mail requires App Passwords* Android Mail requires App Passwords*
Legacy Clients Office 2010 and Office 2007 do no support MFA. Office for Mac 2011 does not support MFA. Windows Phone 7 does not support MFA. There are no plans to enable older Outlook iOS clients There are no plans to support older Outlook Android clients

Source: Updated Office 365 modern authentication'

  • Please see the section on App Passwords (below) for additional details

Enabling Multi-Factor Authentication

Upon completion of your MFA sign-up request, you will receive a “Middlebury Multi-Factor Authentication Enrollment” email. The enrollment email will include a link to Microsoft’s MFA Setup page (https://aka.ms/MFASetup). Follow the instructions included in the link to enable MFA for your account.

The following short video illustrates how to setup multi-factor authentication as well as how to configure “App Passwords”: How To Set Up Multi-Factor for Your Account.

App Passwords, required for certain email clients, are described in more detail below.

App Passwords for Apple Mail, iOS Mail, Android E-mail, Thunderbird, etc.

Newer Microsoft Outlook clients and the Outlook mobile app have built-in support Multi-Factor Authentication.

Apple Mail, iOS Mail, Android E-mail, Thunderbird, and other email clients do not natively support multi-factor authentication, but they can be configured to work with a special “App Password”.

This means that if you have enable multi-factor authentication and you are are attempting to use a non-Microsoft email client, or another non-browser app, you will not be able to connect until you configure an App Password.

Once you have an app password, you use this in place of your regular Middlebury network password with these 3rd-party email clients and non-browser apps.

So for instance, if you are using multi-factor authentication and the Apple native email client on your phone, you can use an App Password so that it can bypass multi-factor authentication and continue to work.

To create an app password in our Office 365 portal*:

  1. Log on to the Office 365 portal.
  2. In the top right corner select the widget and choose Office 365 Settings.
  3. Click on Additional security verification.
  4. On the right, click the link that says Update my phone numbers used for account security.
  5. This will take you to the page that will allow you to change your settings.
  6. At the top, next to additional security verification, click on app passwords.
  7. Click Create.
  8. Enter a name for the app password and click Next.
  9. Write down the app password and be ready to enter it into your account settings on your iOS device.
  10. Let us know you are ready for MFA to be enabled.

It is recommended that you use one App Password per device.

You will also need to make sure that the server name in your account settings is changed to outlook.office365.com and is no longer mail.middlebury.edu.