Difference between revisions of "Multi-Factor Authentication"

(Article was already moved to TDX KB)
(169 intermediate revisions by 8 users not shown)
Line 1: Line 1:
Content for this wiki page has been moved to the TeamDynamix Knowledge Base:
=== What is Multi-Factor Authentication? ===
Multi-Factor Authentication is a security technology that helps protect your Middlebury account from potential compromise by requiring the use of more than just a username and password to prove your identity during login.
=== How does Multi-Factor Authentication work? ===
[[Category:Helpdesk Documentation]] [[Category:Public Search]] [[Category:MFA]] [[Category:Security]]
Middlebury's implementation of Multi-Factor Authentication has been designed so that you can easily protect your account. Here is how it works...
# If you are connecting to a service from within the Middlebury or Monterey networks, you will not be prompted for Multi-Factor Authentication. All account compromises that have occurred in the last year have been from outside our networks.
# If you are connecting to a service from outside of our networks, there is one additional step. After correctly entering your Middlebury email address and password at the login screen of the service you wish to access, you will then be prompted for a second form of authentication, which can come to you in the form of a phone call, text message, or mobile app notification or code.
# Please note that during the login process, you can click the “remember my device for 30 days” checkbox. With this setting enabled, you won’t be prompted again for Multi-Factor Authentication from that device for another thirty days.
=== Why do I need Multi-Factor Authentication? ===
Multi-Factor Authentication helps safeguard your Middlebury account from online criminals who would steal your credentials and use them to launch cyber attacks from Middlebury’s technology services and/or steal sensitive and confidential information.
=== How do I prepare for Multi-Factor Authentication? ===
'''The following tips will help ensure that your Multi-Factor Authentication setup goes smoothly.'''
====== Tip #1: Upgrade to Office 2016 ======
If you haven’t already, please upgrade to Microsoft Office 2016 on your Windows or Mac computer. '''Middlebury’s Multi-Factor Authentication solution does not work with Office 2010.''' Microsoft Office 2016 currently provides the most seamless Multi-Factor Authentication experience and brings improved security and functionality to the Microsoft Office applications that you use every day. 
To '''upgrade to Office 2016 on a Middlebury-managed computer''', please visit [http://go.middlebury.edu/kss Kace Self-Service] to request your upgrade or contact the Helpdesk by phone at 802.443.2200 or by [mailto:helpdesk@middlebury.edu?subject=office2016 email].
To '''upgrade to Office 2016 on a personally-owned computer''', please visit [http://go.middlebury.edu/office365 Middlebury's Office 365 portal].
====== Tip #2: Install the Microsoft Authenticator app on your smartphone ======
Consider installing the official Microsoft Authenticator app on your smartphone. The Authenticator app is not required, but it is very easy to configure and use, and it is the recommended alternative to SMS text-based authentication.
*[https://itunes.apple.com/us/app/microsoft-authenticator/id983156458?mt=8 Microsoft Authenticator on the Apple App Store]
*[https://play.google.com/store/apps/details?id=com.azure.authenticator&hl=en Microsoft Authenticator on the Google Play store]
*[https://www.microsoft.com/en-us/store/p/microsoft-authenticator/9nblgggzmcj6 Microsoft Authenticator on the Microsoft store]
No smartphone? You can still use Multi-Factor Authentication. Contact [mailto:infosec@middlebury.edu?subject=mfa-nophone Middlebury Information Security] for help getting setup.
====== Tip #3: Install the Microsoft Outlook app on your mobile device(s) ======
Consider installing the official Microsoft Outlook app on your smartphone and tablet. The Outlook app includes built-in support for Multi-Factor Authentication. The Outlook app does not require “app passwords”, which will save you a few steps setting up Multi-Factor Authentication. The Outlook mobile app also provides remote access to Middlebury’s directory, a handy capability, particularly when you are on the road and need to lookup someone’s contact information.
*[https://itunes.apple.com/us/app/microsoft-outlook-email-calendar/id951937596 Microsoft Outlook on the Apple App Store]
*[https://play.google.com/store/apps/details?id=com.microsoft.office.outlook&hl=en Microsoft Outlook on the Google Play store]
<br />
<br />
=== How do I sign up for Multi-Factor Authentication? ===
If you are interested in taking advantage of Multi-Factor Authentication, simply open a Web Help Desk ticket and let ITS know that you would like Multi-Factor Authentication enabled for your account. You will then receive an email with instructions to help you get setup. You can open a ticket yourself by visiting: [http://go.middlebury.edu/getmfa http://go.middlebury.edu/getmfa].
=== How do I set up Multi-Factor Authentication? ===
Upon completion of your Multi-Factor Authentication sign-up request, you will receive a “Middlebury Multi-Factor Authentication Enrollment” email. The enrollment email will include a link to [https://aka.ms/MFASetup Microsoft’s Multi-Factor Authentication Setup page].  Follow the instructions included in the link to enable Multi-Factor Authentication for your account.
* Please note that any device that you wish to configure to use MFA must have a working network connection at the time of setup.
* By clicking the "Set it up now" button, you are activating Multi-Factor Authentication and you must complete the setup process or you may be unable to access your account, including your email.
<br />
<br />
==== What are the Multi-Factor Authentication verification options? ====
There are several different options for completing Multi-Factor Authentication verification. Choose the one that makes the most sense for your situation and follow the on-screen instructions.
Please note that the Microsoft Authenticator app is the recommended choice for Multi-Factor Authentication verification. You install this app on your mobile device. The Microsoft Authenticator App offers two verification methods, “Notify me through app” and “Use verification code from app”.
====== Notify me through app ======
You enter your Middlebury email address and password at an online service’s login screen and then you receive a push notification to the Microsoft Authenticator app  on your mobile device prompting you to “verify “or “deny”  the authentication request.
====== Use verification code from app ======
You enter your Middlebury email address and password at an online service’s login screen and then you are prompted to enter the code displayed in the Microsoft Authenticator app.
====== Text code to my authentication phone ======
You enter your Middlebury email address and password at an online service’s login screen and then you are prompted to enter the code that the Multi-Factor Authentication service has texted to your mobile phone.
====== Call my authentication phone(s) ======
You enter your Middlebury email address and password at an online service’s login screen and then you receive an automated call to either your primary or alternate telephone number prompting you to “verify“ the authentication request by pressing the "#" key on your phone.
* This option may be preferable for individuals with limited texting plans, no home computer or device, or those who may not have a mobile phone.
* The "Call my office phone" is not currently configured to work properly. Please choose another verification option.
* You may choose to configure your office phone as your "alternate" authentication phone.
<br />
<br />
===  App Passwords ===
Apple Mail, iOS Mail, Android E-mail, Thunderbird, and other email clients that do not have built-in support for multi-factor authentication require a special “App Password” to work with MFA.
'''This means that if you have enabled multi-factor authentication and you are are attempting to use a non-Microsoft email client, Gmail's "send as" feature, or another non-browser app, you will not be able to connect until you configure an App Password.''' 
Once you have an app password, you use this in place of your regular Middlebury password with these 3rd-party email clients and non-browser apps.
For example, if you are using multi-factor authentication and the native iOS mail app on your iPhone, you can use an App Password so that it can bypass multi-factor authentication and continue to work.
To create an app password, follow these instructions or watch [http://middmedia.middlebury.edu/media/cnorris/mp4/AppPasswords.mp4 this short video]:
# Log on to the [https://portal.office.com/Home Office 365 portal] or [http://go.middlebury.edu/webmail WebMail].
# In the top right corner select the settings gear and under '''Your App Settings''' choose '''Office 365'''.
# Click '''Security & privacy''' on the left.
# Click '''Additional security verification'''.
# In the expanded window, click '''Update my phone numbers used for account security'''.
# This will take you to the page that will allow you to change your settings and create App Passwords.
# At the top, next to additional security verification, click '''app passwords'''.
# Click '''Create'''.
# Enter a name for the app password and click '''Next'''.
# Enter the displayed app password into your account settings on your mobile device or 3rd-party email client.
<br />
<br />
It is recommended that you use one App Password per mobile device or application that requires one.
'''You will also need to make sure that the server name in your account settings is changed to outlook.office365.com and is no longer mail.middlebury.edu.'''
=== How do I use Multi-Factor Authentication? ===
Once you have completed Multi-Factor Authentication set up, here is what to expect.
When you sign in to a Multi-Factor Authentication protected online service (like webmail), from off-campus (or outside of the Middlebury networks), you will be prompted to verify the authentication request using the primary verification option that you selected during setup.
For example, if you chose the "Notify me through the app" option, you would enter your Middlebury email address and password at an online service’s login screen and then you would receive a notification from the Microsoft Authenticator app  on your mobile device prompting you to “verify “or “deny” the authentication request.
'''Caution''': Only approve verification requests that you have initiated! This is particularly relevant to the "Notify me through app" and "Call my authentication phone" verification options. Imagine that an online criminal has your password and is trying to access your account. Once Multi-Factor Authentication has been enabled for your account, this access attempt would generate an authentication verification request. If you approved this verification request, the criminal would be able to access your account. Remember, '''only approve verification requests that you have initiated.'''
=== How do I update my Multi-Factor Authentication settings? ===
It's easy to change your multi-factor authentication settings, should the need arise, once you've completed the enrollment process.
To update your multi-factor authentication settings:
# Log into web mail ([http://go.middlebury.edu/mail http://go.middlebury.edu])
# Click the ⛭ gear icon in the upper right corner, and select '''Office 365''' app settings.
# Click '''Security & privacy'''
# Click '''Additional security verification'''
# Click '''Update your phone numbers used for account security'''.
Note that there is a shortcut to the Office 365 Account settings screen, that you can get to without first logging into web mail.  Try [https://portal.office.com/account/ https://portal.office.com/account].
If you would like to configure the Microsoft Authenticator app as the preferred authentication method, then your next steps would be to:
# Select '''Notify me through app''' from the verification option drop-down list
# Click the '''Configure''' button displayed next to the Authenticator app option.

Latest revision as of 16:41, 12 November 2021

Content for this wiki page has been moved to the TeamDynamix Knowledge Base:


Powered by MediaWiki