Multi-Factor Authentication (MFA) refers to an additional layer of security that is added to the login process.
MFA relies on two forms of authentication: something you know, and something you have with you. The something you know is your password. The something you have with you can be a mobile device or hardware token. This means that even if your password is hacked, your account will remain secure.
Learn more about Microsoft’s Multi-Factor Authentication on their Overview Page.
For now, MFA impacts all faculty and staff using GlobalProtect VPN. Additional applications are being piloted within ITS only.
In the future, MFA will impact more applications and systems for faculty and staff.
While our current pilot does not impact ITS student workers, we do forsee student worker accounts being protected in the future.
Faculty and staff will need MFA authentication for:
Additionally, ITS is piloting MFA for:
Azure Admin Portal
More applications are expected to be protected with MFA in the future.
The current settings require reauthentication for GlobalProtect VPN every 7 days. Other applications are also being piloted with a reauthentication of every 7 days.
You will need to re-authenticate on each device and each browser you use.
No, the current settings authenticate all systems protected with MFA through a single authentication instance. You will only need to authenticate each device and browser once during the reauthentciation period.
The moment you try to log into one of the applications protected with MFA, you will be prompted for additional security information and walked through the MFA registration process. If using a mobile device for authentication, you will be asked to download the Microsoft Authenticator Application on your device.
You can download the apps through the links below:
For questions regarding the Microsoft Authenticator App, please refer to Microsoft's Authenticator page.
You will be able to choose a primary authentication method when you register, which you can change or update at any time. Current options are outlined below:
|Mobile Notification (Microsoft Authenticator Required)||A push notification is sent to the authenticator app on your smartphone asking you to Authenticate your log in.|
|Verification Code (Microsoft Authenticator Required)||The Mobile Microsoft Authenticator app will generate a verification code that updates every 30 seconds. You will be asked to enter the most current verification code in the sign-in screen.|
|Text Messages||A text message with a 6-digit code is sent to your mobile device that you will input to complete the authentication process|
|Phone Calls||A call is placed to your mobile phone asking you to verify you are signing in. Press the # key to complete the authentication process.|
You will also be asked to set up a backup authentication method. ITS recommends that you use your office phone as a backup, to help you access your account in case you forget or lose your mobile device.
If you need to update the office phone we have on record, you can do so by filling out the Directory Update form.
You can make changes to your authentication settings by visiting Microsoft's Security Verification page.
Yes, ITS encourages faculty and staff to use their personal device for MFA. Using a personal device will require you to have a lockscreen password on your device.
Yes, you will be prompted to enroll in Microsoft MFA for each account you own, including elevated accounts.
If you are an ITS staff member in the pilot program and you are not prompted to enroll in MFA, please contact David Abney.
If you forget your mobile device at home, you can use your backup authentication method. If that doesn't solve the problem, please contact the Service Desk at firstname.lastname@example.org or 206-296-5571.