Multi-Factor Authentication (or MFA) helps protect your Middlebury account from potential compromise. MFA works by complementing your password, "something you know", with "something you have", like your phone or mobile device. Read on to learn more about MFA.
What is Multi-Factor Authentication
Multi-Factor Authentication (or MFA for short) is a security technology which leverages something you know, such as a password, and something you have, such as your phone, to increase the protection of accounts and services. The general idea of MFA is that you start by authenticating against the service with your usual user ID and password and then you are prompted for a second form of authentication, such as a text or voice message that is sent to your phone or a verification code generated by a mobile application on your device. This use of multiple factors of verification to prove the authenticity of the user, delivers greatly improved security for accounts and services.
Signing up for Multi-Factor Authentication
If you would like to sign up for MFA, please submit a Web Help Desk ticket requesting that MFA be enabled for your account (Request Type: Information Security/Multi-Factor Authentication) or simply visit: http://go.middlebury.edu/getmfa.
Newer versions of Microsoft Outlook and Microsoft Office include built in support for Multi-Factor Authentication. We strongly recommend upgrading to Microsoft Office 2016 before enrolling in MFA. Contact the Helpdesk for instructions on updating your MS Office Suite to 2016, or visit this link: http://mediawiki.middlebury.edu/wiki/LIS/Office_2016#College-Owned_Computers.
After MFA has been enabled for your account, iOS Mail and Android Mail have to be reconfigured to use special #App Passwords. Details, including a brief video tutorial are available below.
Enabling Multi-Factor Authentication
Upon completion of your MFA sign-up request, you will receive a “Middlebury Multi-Factor Authentication Enrollment” email. The enrollment email will include a link to Microsoft’s MFA Setup page. Follow the instructions included in the link to enable MFA for your account.
Please note that any device that you wish to configure to use MFA must have a working network connection.
Apple Mail, iOS Mail, Android E-mail, Thunderbird, and other email clients that do not have built-in support for multi-factor authentication require a special “App Password” to work with MFA.
This means that if you have enabled multi-factor authentication and you are are attempting to use a non-Microsoft email client, or another non-browser app, you will not be able to connect until you configure an App Password.
Once you have an app password, you use this in place of your regular Middlebury network password with these 3rd-party email clients and non-browser apps.
So for instance, if you are using multi-factor authentication and the Apple native email client on your phone, you can use an App Password so that it can bypass multi-factor authentication and continue to work.
To create an app password in our Office 365 portal*:
- Log on to the Office 365 portal.
- In the top right corner select the widget and choose Office 365 Settings.
- Click on Additional security verification.
- On the right, click the link that says Update my phone numbers used for account security.
- This will take you to the page that will allow you to change your settings.
- At the top, next to additional security verification, click on app passwords.
- Click Create.
- Enter a name for the app password and click Next.
- Write down the app password and be ready to enter it into your account settings on your iOS device.
- Let us know you are ready for MFA to be enabled.
It is recommended that you use one App Password per device.
You will also need to make sure that the server name in your account settings is changed to outlook.office365.com and is no longer mail.middlebury.edu.
Please see What are App Passwords in Azure Multi-Factor Authentication? for more details.
Supported versions of Microsoft Office and Outlook
Newer versions of Microsoft Outlook and Microsoft Office include built in support for Multi-Factor Authentication. We highly recommend upgrading to Microsoft Office 2016 before enrolling in MFA.
MFA will work with Outlook 2013 with a few minor tweaks to your Windows computer (one or two registry keys may have to be updated). The Help Desk team can assist with the necessary changes.
MFA will work with Outlook 2010 for Windows, but requires the use of a #App Passwords. The same is true for Outlook 2011 for Mac. App Passwords are required for these legacy Outlook clients.
MFA also works with Microsoft's Office 365 mobile applications, including Outlook for iOS and Outlook for Android.
|Office client application||Windows||Mac OS X||Windows Phone||iOS||Android|
|Office clients||Available now for Office 2013 and Office 2016.||Available now for Office 2016 Mac||Available now||Outlook, Word, Excel, and PowerPoint are available now.||Android Phones: Word, Excel, and PowerPoint are available now.
Android Tablets: Word, Excel, and PowerPoint are coming soon.
|Outlook||Included in Office Client.||Available now.||Coming soon.||Available now.||Available now.|
|Native Apps||iOS Mail require #App Passwords||Android Mail require #App Passwords|
|Legacy Clients||Office 2010 and Office 2007 do no support MFA.||Office for Mac 2011 does not support MFA.||Windows Phone 7 does not support MFA.||There are no plans to enable older Outlook iOS clients||There are no plans to support older Outlook Android clients|