Middlebury

Multi-Factor Authentication

Revision as of 09:02, 4 June 2019 by Cynthia Slater (talk | contribs) (Removed text re: verification options to separate wiki page)

If you are unfamiliar with the concept of multi-factor authentication, visit our overview page to learn more.

What should I do to prepare for MFA?

Check out our readiness info page for details. You'll learn useful tips and find details about how to sign up when you're all set to go.

 

How do I set up Multi-Factor Authentication?

Upon receipt of your Multi-Factor Authentication sign-up request, ITS will enable MFA on your account, then send you a “Middlebury Multi-Factor Authentication Enrollment” email containing a link to Microsoft’s MFA Setup page. Follow the instructions presented to set up authentication methods you wish to use with your account.

Important:

  • ITS must first enable MFA on your account before you proceed with the setup!
  • Any device you wish to configure to use MFA must have a working network connection at the time of setup.
  • By clicking the "Set it up now" button, you are activating Multi-Factor Authentication and you must complete the setup process or you may be unable to access your account, including your email.

 

Which MFA setup method should I choose?

Here are descriptions of the most common scenarios, along with our MFA setup recommendations for each one.

Scenario A:  I have a Smartphone -- and I travel internationally and/or travel in areas without cellular coverage.

  • Choose Microsoft's Authenticator app with a code.

This method is recommended when you have a device that supports Microsoft's Authenticator app and you will be in areas without consistent network access. When presented with an MFA challenge you will need to input the code displayed by the Authenticator app to complete your login.

Network access is NOT required for the MS Authentication app to provide you with a code.

 

Scenario B:  I have a Smartphone -- and I rarely travel in areas without cellular coverage.

  • Choose Microsoft's Authenticator app with notifications.

This method is recommended when you have a device that supports Microsoft's Authenticator app and you will be in areas with consistent network access. When presented with an MFA challenge you will need to click Approve on your device to complete your login. Caution! Only click Approve when you have signed into a service you anticipate will trigger an authentication challenge.

Network access cellular or wifi IS required for the MS Authentication app to provide a notification.

 

Scenario C:  I have a Flip or Feature phone.

  • Choose Phone then specify Call or Text.

This method is recommended when you have a device that doesn’t support the Microsoft Authenticator app. When presented with an MFA challenge you will have to receive a phone call then press #, or else receive an SMS text message then enter the provided code, in order to complete your login.

Travel to areas without cellular coverage is not supported by this method.

 

Where can I learn more about the various Multi-Factor Authentication verification options?

Please visit our MFA verification wiki page for additional details.

 

How do I use Multi-Factor Authentication?

Once you have completed Multi-Factor Authentication set up, here is what to expect.

When you sign in to a Multi-Factor Authentication protected online service (like webmail), from off-campus (or outside of the Middlebury networks), you will be prompted to verify the authentication request using the primary verification option that you selected during setup.

For example, if you chose the "Notify me through the app" option, you would enter your Middlebury email address and password at an online service’s login screen and then you would receive a notification from the Microsoft Authenticator app on your mobile device prompting you to “verify “or “deny” the authentication request.

Caution: Only approve verification requests that you have initiated! This is particularly relevant to the "Notify me through app" and "Call my authentication phone" verification options. Imagine that an online criminal has your password and is trying to access your account. Once Multi-Factor Authentication has been enabled for your account, this access attempt would generate an authentication verification request. If you approved this verification request, the criminal would be able to access your account. Remember, only approve verification requests that you have initiated.

 

How do I update my Multi-Factor Authentication settings?

It's easy to change your multi-factor authentication settings, should the need arise, once you've completed the enrollment process.

To update your multi-factor authentication settings:

  1. Log on to the myapps.microsoft.com
  2. In the top right corner click your profile picture and click Profile.
  3. Click the link Additional security verification, you will get a MFA challenge.
  4. Click Update your phone numbers used for account security.

Note that there is a shortcut to the Office 365 Account settings screen, that you can get to without first logging into web mail. Try https://portal.office.com/account.

If you would like to configure the Microsoft Authenticator app as the preferred authentication method, then your next steps would be to:

  1. Select Use verification code from app from the verification option drop-down list
  2. Click the Configure button displayed next to the Authenticator app option.