Office 365 Multi-Factor Authentication
Multi-Factor Authentication (MFA) is a secure authentication method that prevents malicious access to an account by using multiple methods of authentication combined. For Office 365, this is most commonly using your email/password and your phone. Once you have been enrolled in MFA, you will have multiple methods available to you. However, our guide provides the most time efficient method of MFA. For this process, you will need your smart phone and your computer handy, since you will be switching between the two.
Policy for use:
All employees of Concordia University Portland are required to use MFA and participate in the associated technology required to do so. This policy applies also to any account holder paid by Concordia University including student workers.
Any account flagged as compromised or risky by Microsoft’s security tools will have MFA enabled. This applies to all users, including students.
Presently, MFA is optional for all other students but mandatory participation is expected to roll out to all students who are not yet enrolled before the end of calendar year 2020.
Participants may use the Microsoft Authenticator App in the “Use Verification Code” mode (OTP) if they are unable or unwilling to provide a phone number or wish to use an ‘offline’ device for MFA OTP verification.
IF YOU HAVE YOUR EMAIL ON YOUR PHONE, YOU MUST REMOVE THE ACCOUNT FROM YOUR PHONE FIRST. When you add the account back onto your phone after setting up MFA, it will work correctly.
ON YOUR COMPUTER:
1. Navigate to https://portal.office.com .
2. Login with your CU email address.
3. You will receive the following message; hit Next.
4. The next screen will list all the options you have for MFA. You will want to choose "Mobile app" from the first drop-down menu.
5. Using the Mobile app, there are two methods of authentication. Please choose "Receive notifications for verification".
6. Hit "Set up" in order to configure your app. This will bring up a QR code to your screen. Please leave the QR code on screen and grab your phone.
ON YOUR PHONE:
1. Navigate to the App Store or Play Store, and search for "Microsoft Authenticator". Please install that app and open it when installed.
2. This will open a brief overview of the Authenticator app. Please flick through to display the next screen. Click the + button in the center of the screen to add your account.
3. Please choose "Work or School" account. YOU MUST HIT "ALLOW" FOR THE APP TO FUNCTION PROPERLY.
4. This will open a camera interface inside of the Authenticator app. Please point it at the QR code on your screen. The app should automatically configure and start display a 6 digit code that changes every 30 seconds. Please put your phone down with the app open, and go back to the computer.
ON YOUR COMPUTER**:
1. On the QR code screen, hit "Next".
2. This will bring you back to the MFA setup screen. Hit "Next" in the bottom right. Grab your phone.
3. This will prompt you on your phone to Approve or Deny your sign-in attempt. Please hit Approve. This is also the notification that will appear for future sign-in attempts.
4. Put your phone down and go back to your computer. On the next screen, you can setup your phone number as an alternate method, in case you uninstall the app or get a new smart phone.
5. Lastly, you will be introduced to your App Password. This is a unique password that you can use for logging into your account on devices that do not support MFA. Your app password is generated automatically by the system and CAN ONLY BE VIEWED ONCE. For more information, click here.
That's all there is to it! Whenever you sign in to Outlook or the Office 365 portal, you will be prompted to approve the Sign-in. In addition, you will only have to approve a sign-in on your Outlook program once every 14 days. If you have any questions, please contact us at firstname.lastname@example.org .
Q: Why doesn't the Email app on my Android work with MFA?
A: You must use the Outlook app for Android if your account has MFA enabled.
Q: It doesn't let me choose my office phone as an option. What should I do?
A: Please choose the option "Authentication Phone" instead. Then you can put in your office number.
Q: My phone's email app isn't accepting my password after setting up MFA. What am I doing wrong?
A: When you originally setup your account on your phone, it was configured to not be a MFA account. If you delete your account off of your phone and re-add it, it should resolve this issue. Or you can use *insert App Password Article* to access your email.
Q: How do I change my verification method for MFA?
A: You can change your verification method inside of the Office 365 Web Portal. While we outlined the steps to configure the app, all verification methods are acceptable. Here are the steps:
1. Navigate to https://portal.office.com .
2. Login with your Office 365 account. This will include using the method of MFA that you are currently using.
3. Click on your portrait (or your initials in a circle) in the upper right, and choose the option "My Account".
4. This will take you to a new screen. Please click on either box that says "Security and Privacy". They lead to the same place.
5. Please click "Additional security verification" (marked in green) to display the last two options. Please click the link "Update your phone number used for account security". You must click the first link to be able to see the second!
6. This will bring you to a new screen. Please choose "Notify me through app" from the top drop down. Then, check the box next to "Authenticator app" and click "Set up Authenticator app". This will display a QR code on your screen. Please follow the steps above to configure your app. If you have the app already installed, you will be able to click the 3 dots in the upper right to find the "Add Account" option.