Office 365 Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA) is a secure authentication method that prevents malicious access to an account by using multiple methods of authentication combined. For Office 365, this is most commonly using your email/password and your phone.

Once you have been enrolled in MFA, you will have multiple methods available to you. However, our guide provides the most time efficient method of MFA. For this process, you will need your smart phone and your computer handy, since you will be switching between the two.

Usage Policy

All employees of Concordia University Portland are required to use MFA and participate in the associated technology required to do so. This policy applies also to any account holder paid by Concordia University including student workers.

Any account flagged as compromised or risky by Microsoft’s security tools will have MFA enabled. This applies to all users, including students.

Presently, MFA is optional for all other students, but mandatory participation is expected to roll out to all students who are not yet enrolled before the end of calendar year 2020.

① MFA setup: On your computer

Participants may use the Microsoft Authenticator App in the “Use Verification Code” mode (OTP) if they are unable or unwilling to provide a phone number or wish to use an ‘offline’ device for MFA OTP verification.

1. Navigate to https://portal.office.com.
2. Login with your CU email address.
3. You will receive the following message.
4. Click Next.
   
5.  The next screen will list all the options you have for MFA.
6. You will want to choose Mobile app from the first drop-down menu.
   
7. Using the mobile app, there are two methods of authentication.
8. Choose Receive notifications for verification.
   
9. Click Set up in order to configure your app.
10. This will bring up a QR code to your screen.
11. Leave the QR code on screen and grab your phone.

② MFA Setup: On your phone

1.  Navigate to the App Store or Play Store for your device.
2. Search for "Microsoft Authenticator".
3. Install that app and open it when installed.
   
4. This will open a brief overview of the Microsoft Authenticator app.
5. Tap through to display the next screen.
6. Click the + button in the center of the screen to add your account.
   
7. Choose Work or School account.
8. YOU MUST HIT ALLOW FOR THE APP TO FUNCTION PROPERLY.
   
9. This will open a camera interface inside of the Authenticator app.
10. Point the camera lens at the QR code on your screen.
11. The app should automatically configure and start display a 6 digit code that changes every 30 seconds.
12. Put your phone down with the app open, and go back to the computer.

③ MFA setup: On your computer and phone

1. On the QR code screen, click Next.
2. This will bring you back to the MFA setup screen.
3. Click Next in the bottom right.
4. Grab your phone and look for the prompt to approve or deny the sign-in attempt. 
5. Click Approve.
6. This is also the notification that will appear for future sign-in attempts.
   
7. Put your phone down and go back to your computer.
8. On the next screen, you can setup your phone number as an alternate method, in case you uninstall the app or get a new smart phone.
   
9. Lastly, you will be introduced to your App Password.
10. This is a unique password that you can use for logging into your account on devices that do not support MFA. Your app password is generated automatically by the system and CAN ONLY BE VIEWED ONCE. For more information, click here.
11. That's all there is to it! Whenever you sign in to Outlook or the Office 365 portal, you will be prompted to approve the Sign-in.
12. In addition, you will only have to approve a sign-in on your Outlook program once every 14 days.

Frequently Asked Questions (FAQ)

Q: Why doesn't the Email app on my Android work with MFA?
A: You must use the Outlook app for Android if your account has MFA enabled.

Q: It doesn't let me choose my office phone as an option. What should I do?
A: Please choose the option "Authentication Phone" instead. Then you can put in your office number.

Q: My phone's email app isn't accepting my password after setting up MFA. What am I doing wrong?
A: When you originally setup your account on your phone, it was configured to not be a MFA account. If you delete your account off of your phone and re-add it, it should resolve this issue. Or you can use *insert App Password Article* to access your email.

Q: How do I change my verification method for MFA?
A: You can change your verification method inside of the Office 365 Web Portal. While we outlined the steps to configure the app, all verification methods are acceptable. Here are the steps to change your MFA method.

Change your MFA verification method

1.  Navigate to https://portal.office.com.
2.  Login with your Office 365 account. This will include using the method of MFA that you are currently using.
3.  Click on your portrait (or your initials in a circle) in the upper right, and choose the option My Account.
   
4.  This will take you to a new screen.
5. Click either box that says Security and Privacy. They lead to the same place.
    
6.  Click Additional security verification (marked in green) to display the last two options.
7. Click the link Update your phone number used for account security. 
8. You must click the first link to be able to see the second!
   
9.  This will bring you to a new screen.
10. Choose Notify me through app from the top drop down.
11. Then, check the box next to Authenticator app and click Set up Authenticator app.
12. This will display a QR code on your screen.
13. Please follow the steps above to configure your app.
14. If you have the app already installed, you will be able to click the 3 dots in the upper right to find the Add Account option.
    
15.  Once your app has been configured, click Save at the bottom of the screen on your computer to save your changes.