Difference between revisions of "Multi-Factor Authentication"

(Article was already moved to TDX KB)
(215 intermediate revisions by 8 users not shown)
Line 1: Line 1:
=== What is Multi-Factor Authentication? ===
Content for this wiki page has been moved to the TeamDynamix Knowledge Base:
Multi-Factor Authentication is a security technology that helps protect your Middlebury account from potential compromise. Multi-Factor Authentication complements your password, "something you know", with "something you have", like your phone or mobile device.
=== How does Multi-Factor Authentication work? ===
[[Category:Helpdesk Documentation]] [[Category:Public Search]] [[Category:MFA]] [[Category:Security]]
It works like this: You start by authenticating against the service you wish to access with your Middlebury email address and password. You are then prompted for a second form of authentication, such as a text or voice message that is sent to your phone, or a verification code generated by a mobile application on your mobile device.
=== Why do I need Multi-Factor Authentication? ===
Account compromises have increased significantly during the past year and Multi-Factor Authentication provides a very effective solution for preventing unauthorized access.
Multi-Factor Authentication helps keep your Middlebury account protected against online criminals who would use your account to launch cyber attacks from Middlebury’s technology services and/or steal sensitive and confidential information.
=== Signing up for Multi-Factor Authentication ===
If you would like to sign up for MFA, please submit a Web Help Desk ticket requesting that MFA be enabled for your account (Request Type: Information Security/Multi-Factor Authentication) or simply visit: [http://go.middlebury.edu/getmfa http://go.middlebury.edu/getmfa].
=== Tips to simplify the MFA enrollment process ===
Here are some tips that will make the MFA enrollment process simple. '''Taking care of these three steps ahead of time makes enrolling in MFA a quick process'''.
==== Tip #1: Upgrade to Office 2016 ====
If you haven’t already, please upgrade to Microsoft Office 2016 on your Windows or Mac computer. Microsoft Office 2016 provides the most seamless MFA experience and brings improved security and functionality to the Microsoft Office applications that you use every day.
To '''upgrade to Office 2016 on a Middlebury-managed computer''', please visit [http://go.middlebury.edu/kss Kace Self-Service] to request your upgrade or contact the Helpdesk by phone at 802.443.2200 or by [mailto:helpdesk@middlebury.edu?subject=office2016 email].
To '''upgrade to Office 2016 on a personally-owned computer''', please visit [http://go.middlebury.edu/office365 Middlebury's Office 365 portal].
==== Tip #2: Install the Microsoft Authenticator app on your smartphone ====
Consider installing the official Microsoft Authenticator app on your smartphone. The Authenticator app is not required, but it is very easy to configure and use, and it is the recommended alternative to SMS text-based authentication.
*[https://itunes.apple.com/us/app/microsoft-authenticator/id983156458?mt=8 Microsoft Authenticator on the Apple App Store]
*[https://play.google.com/store/apps/details?id=com.azure.authenticator&hl=en Microsoft Authenticator on the Google Play store]
*[https://www.microsoft.com/en-us/store/p/microsoft-authenticator/9nblgggzmcj6 Microsoft Authenticator on the Microsoft store]
No smartphone? You can still use MFA. Contact [mailto:infosec@middlebury.edu?subject=mfa-nophone Middlebury Information Security] for help getting setup.
==== Tip #3: Install the Microsoft Outlook app on your mobile device(s) ====
Consider installing the official Microsoft Outlook app on your smartphone and tablet. The Outlook app includes built-in support for MFA. The Outlook app does not require “app passwords”, which will save you a few steps setting up MFA. The Outlook mobile app also provides remote access to Middlebury’s directory, a handy capability, particularly when you are on the road and need to lookup someone’s contact information.
*[https://itunes.apple.com/us/app/microsoft-outlook-email-calendar/id951937596 Microsoft Outlook on the Apple App Store]
*[https://play.google.com/store/apps/details?id=com.microsoft.office.outlook&hl=en Microsoft Outlook on the Google Play store]
Newer versions of Microsoft Outlook and Microsoft Office include built in support for Multi-Factor Authentication. '''We strongly recommend upgrading to Microsoft Office 2016 before enrolling in MFA.''' Contact the Helpdesk for instructions on updating your MS Office Suite to 2016, or visit this link: [http://mediawiki.middlebury.edu/wiki/LIS/Office_2016#College-Owned_Computers http://mediawiki.middlebury.edu/wiki/LIS/Office_2016#College-Owned_Computers].
=== Enabling Multi-Factor Authentication ===
Upon completion of your MFA sign-up request, you will receive a “Middlebury Multi-Factor Authentication Enrollment” email. The enrollment email will include a link to [https://aka.ms/MFASetup Microsoft’s MFA Setup page].  Follow the instructions included in the link to enable MFA for your account.
Here's a '''[https://channel9.msdn.com/posts/Multi-Factor-Account-Setup short video]''' that demonstrates how to setup multi-factor authentication as well as how to configure App Passwords: [https://channel9.msdn.com/posts/Multi-Factor-Account-Setup How To Set Up Multi-Factor for Your Account]. 
Please note that any device that you wish to configure to use MFA must have a working network connection.
After MFA has been enabled for your account, '''iOS Mail and Android Mail have to be reconfigured to use special [[#App Passwords]]'''. Details, including a brief video tutorial are available below.
===  App Passwords ===
Apple Mail, iOS Mail, Android E-mail, Thunderbird, and other email clients that do not have built-in support for multi-factor authentication require a special “App Password” to work with MFA.
'''This means that if you have enabled multi-factor authentication and you are are attempting to use a non-Microsoft email client, or another non-browser app, you will not be able to connect until you configure an App Password.''' 
Once you have an app password, you use this in place of your regular Middlebury password with these 3rd-party email clients and non-browser apps.
For example, if you are using multi-factor authentication and the native iOS mail app on your iPhone, you can use an App Password so that it can bypass multi-factor authentication and continue to work.
To create an app password in our [https://portal.office.com/Home Office 365 portal]*:
# Log on to the [https://portal.office.com/Home Office 365 portal] or [http://go.middlebury.edu/webmail WebMail].
# In the top right corner select the widget and under '''Your App Settings''' choose '''Office 365'''.
# Click on '''Security & privacy''' on the left.
# Click on '''Additional security verification'''.
# In the expanded window, click '''Update my phone numbers used for account security'''.
# This will take you to the page that will allow you to change your settings.
# At the top, next to additional security verification, click on '''app passwords'''.
# Click '''Create'''.
# Enter a name for the app password and click '''Next'''.
# Enter the displayed app password into your account settings on your mobile device.
It is recommended that you use one App Password per device.
'''You will also need to make sure that the server name in your account settings is changed to outlook.office365.com and is no longer mail.middlebury.edu.'''
Please see '''[https://azure.microsoft.com/en-us/documentation/articles/multi-factor-authentication-end-user-app-passwords/ What are App Passwords in Azure Multi-Factor Authentication?]''' for more details.
=== Supported versions of Microsoft Office and Outlook  ===
Newer versions of Microsoft Outlook and Microsoft Office include built in support for Multi-Factor Authentication. '''We highly recommend upgrading to Microsoft Office 2016 before enrolling in MFA.'''
MFA will work with Outlook 2013 with a few minor tweaks to your Windows computer (one or two registry keys may have to be updated). The Help Desk team can assist with the necessary changes.
MFA will work with Outlook 2010 for Windows, but requires the use of a [[#App Passwords]]. The same is true for Outlook 2011 for Mac. App Passwords are required for these legacy Outlook clients.
MFA also works with Microsoft's Office 365 mobile applications, including Outlook for iOS and Outlook for Android.
!Office client application
!Mac OS X
!Windows Phone
|Office clients
|Available now for Office 2013 and Office 2016.
|Available now for Office 2016 Mac
|Available now
|Outlook, Word, Excel, and PowerPoint are available now.
|Android Phones: Word, Excel, and PowerPoint are available now.
Android Tablets: Word, Excel, and PowerPoint are coming soon.
|Included in Office Client.
|Available now.
|Coming soon.
|Available now.
|Available now.
|Native Apps
|iOS Mail require [[#App Passwords]]
|Android Mail require [[#App Passwords]]
|Legacy Clients
|Office 2010 and Office 2007 do no support MFA.
|Office for Mac 2011 does not support MFA.
|Windows Phone 7 does not support MFA.
|There are no plans to enable older Outlook iOS clients
|There are no plans to support older Outlook Android clients
''Source: [https://blogs.office.com/2015/11/19/updated-office-365-modern-authentication-public-preview/ Updated Office 365 modern authentication]''

Latest revision as of 16:41, 12 November 2021

Content for this wiki page has been moved to the TeamDynamix Knowledge Base:


Powered by MediaWiki