- 1 What is Multi-Factor Authentication?
- 2 How does Multi-Factor Authentication work?
- 3 Why do I need Multi-Factor Authentication?
- 4 Preparing for Multi-Factor Authentication
- 5 Sign up for Multi-Factor Authentication
- 6 Set up Multi-Factor Authentication
- 7 Multi-Factor Authentication Verification Options
- 8 App Passwords
What is Multi-Factor Authentication?
How does Multi-Factor Authentication work?
It works like this: You start by authenticating against the service you wish to access with your Middlebury email address and password. You are then prompted for a second form of authentication, such as a text or voice message that is sent to your phone, or a verification code generated by a mobile application on your mobile device.
Why do I need Multi-Factor Authentication?
Account compromises have increased significantly during the past year and Multi-Factor Authentication provides a very effective solution for preventing unauthorized access.
Preparing for Multi-Factor Authentication
Use the following tips to help ensure that your Multi-Factor Authentication setup goes smoothly.
Tip #1: Upgrade to Office 2016
If you haven’t already, please upgrade to Microsoft Office 2016 on your Windows or Mac computer. Middlebury’s Multi-Factor Authentication solution does not work with Office 2010. Microsoft Office 2016 currently provides the most seamless Multi-Factor Authentication experience and brings improved security and functionality to the Microsoft Office applications that you use every day.
To upgrade to Office 2016 on a personally-owned computer, please visit Middlebury's Office 365 portal.
Tip #2: Install the Microsoft Authenticator app on your smartphone
Consider installing the official Microsoft Authenticator app on your smartphone. The Authenticator app is not required, but it is very easy to configure and use, and it is the recommended alternative to SMS text-based authentication.
- Microsoft Authenticator on the Apple App Store
- Microsoft Authenticator on the Google Play store
- Microsoft Authenticator on the Microsoft store
No smartphone? You can still use Multi-Factor Authentication. Contact Middlebury Information Security for help getting setup.
Tip #3: Install the Microsoft Outlook app on your mobile device(s)
Consider installing the official Microsoft Outlook app on your smartphone and tablet. The Outlook app includes built-in support for Multi-Factor Authentication. The Outlook app does not require “app passwords”, which will save you a few steps setting up Multi-Factor Authentication. The Outlook mobile app also provides remote access to Middlebury’s directory, a handy capability, particularly when you are on the road and need to lookup someone’s contact information.
Sign up for Multi-Factor Authentication
If you would like to sign up for Multi-Factor Authentication, please submit a Web Help Desk ticket requesting that Multi-Factor Authentication be enabled for your account (Request Type: Information Security/Multi-Factor Authentication) or simply visit: http://go.middlebury.edu/getmfa.
Set up Multi-Factor Authentication
Upon completion of your Multi-Factor Authentication sign-up request, you will receive a “Middlebury Multi-Factor Authentication Enrollment” email. The enrollment email will include a link to Microsoft’s Multi-Factor Authentication Setup page. Follow the instructions included in the link to enable Multi-Factor Authentication for your account.
Please note that any device that you wish to configure to use MFA must have a working network connection at the time of setup.
Multi-Factor Authentication Verification Options
There are several different options for completing Multi-Factor Authentication verification. Choose the one that makes the most sense for your situation.
Microsoft Authenticator App Verification The Microsoft Authenticator app is the recommended choice for Multi-Factor Authentication verification. You install this app on your mobile device. The Microsoft Authenticator App offers two verification methods, “Push” and “Code”.
- “Push” verification works like this: You enter your Middlebury email address and password at an online service’s login screen and then you receive a push notification to the Microsoft Authenticator app on your mobile device prompting you to “verify “or “deny” the authentication request.
- “Code” verification works like this: You enter your Middlebury email address and password at an online service’s login screen and then you enter the code displayed in the Microsoft Authenticator app.
SMS Text Message Verification Another Multi-Factor Authentication verification option is to have the Multi-Factor Authentication service send a text message to your mobile phone after you enter your Middlebury email address and password at an online service’s login screen. You then enter the code displayed in the text message into the login screen, when prompted.
Voice Call Verification Yet another option for Multi-Factor Authentication verification is to have the Multi-Factor Authentication service place an automated call to one of your telephone numbers after you enter your Middlebury email address and password at an online service’s login screen. To verify the authentication request, you simply press the # key. (This option may be preferable for individuals with limited texting plans, no home computer or device, or those who may not have a mobile phone.)
Apple Mail, iOS Mail, Android E-mail, Thunderbird, and other email clients that do not have built-in support for multi-factor authentication require a special “App Password” to work with MFA.
This means that if you have enabled multi-factor authentication and you are are attempting to use a non-Microsoft email client, or another non-browser app, you will not be able to connect until you configure an App Password.
Once you have an app password, you use this in place of your regular Middlebury password with these 3rd-party email clients and non-browser apps.
For example, if you are using multi-factor authentication and the native iOS mail app on your iPhone, you can use an App Password so that it can bypass multi-factor authentication and continue to work.
To create an app password in our Office 365 portal*:
- Log on to the Office 365 portal or WebMail.
- In the top right corner select the widget and under Your App Settings choose Office 365.
- Click on Security & privacy on the left.
- Click on Additional security verification.
- In the expanded window, click Update my phone numbers used for account security.
- This will take you to the page that will allow you to change your settings.
- At the top, next to additional security verification, click on app passwords.
- Click Create.
- Enter a name for the app password and click Next.
- Enter the displayed app password into your account settings on your mobile device.
It is recommended that you use one App Password per device.
You will also need to make sure that the server name in your account settings is changed to outlook.office365.com and is no longer mail.middlebury.edu.