MFA: Frequently Asked Questions

Skip to a question:

What is Multi-Factor Authentication (MFA)?

Multi-Factor Authentication (MFA) refers to an additional layer of security that is added to the login process.

MFA relies on two forms of authentication: something you know, and something you have with you. The something you know is your password. The something you have with you can be a mobile device or hardware token. This means that even if your password is hacked, your account will remain secure. 

Learn more about Microsoft’s Multi-Factor Authentication on their Overview Page.

Who is currently impacted by MFA?

For now, MFA impacts all faculty and staff using GlobalProtect VPN. Additional applications are being piloted within ITS only. 

In the future, MFA will impact more applications and systems for faculty and staff. 

Will MFA affect ITS student workers?

While our current pilot does not impact ITS student workers, we do forsee student worker accounts being protected in the future. 

What applications/systems are currently protected with MFA?

Faculty and staff will need MFA authentication for:

  • GlobalProtect VPN

Additionally, ITS is piloting MFA for: 

Azure Admin Portal

  • Azure Active Directory
  • Azure DevOps
  • Exchange Online Admin Center
  • Microsoft 365 Admin Center
  • SharePoint Admin Center
  • Connecting to these systems via PowerShell

Microsoft 365

  • Excel
  • Forms
  • Outlook
  • OneDrive
  • Power Apps
  • Power Automate
  • Power BI
  • PowerPoint
  • SharePoint
  • Teams
  • Word


  • Axiom
  • Campus Labs / ConnectSU
  • Canvas
  • CareerShift
  • DocuSign
  • EZProxy
  • Give Pulse
  • Handshake
  • iParq
  • Jira / Confluence / StatusPage
  • Library Catalog / Primo
  • Maxient
  • Megamation
  • PeopleGrove
  • Pharos / Redhawk SOAR
  • Raiser's Edge NXT
  • TutorTrac
  • Zoom

More applications are expected to be protected with MFA in the future.

How often do I have to re-authenticate?

The current settings require reauthentication for GlobalProtect VPN every 7 days. Other applications are also being piloted with a reauthentication of every 7 days.

You will need to re-authenticate on each device and each browser you use.

Do I have to authenticate through MFA separately for each application or system?

No, the current settings authenticate all systems protected with MFA through a single authentication instance. You will only need to authenticate each device and browser once during the reauthentciation period.

How do I enroll in MFA?

The moment you try to log into one of the applications protected with MFA, you will be prompted for additional security information and walked through the MFA registration process. If using a mobile device for authentication, you will be asked to download the Microsoft Authenticator Application on your device.

You can download the apps through the links below:


For questions regarding the Microsoft Authenticator App, please refer to Microsoft's Authenticator page.

What are my authentication options?

You will be able to choose a primary authentication method when you register, which you can change or update at any time. Current options are outlined below:

Verification MethodDescription
Mobile Notification (Microsoft Authenticator Required) A push notification is sent to the authenticator app on your smartphone asking you to Authenticate your log in.
Verification Code (Microsoft Authenticator Required) The Mobile Microsoft Authenticator app will generate a verification code that updates every 30 seconds. You will be asked to enter the most current verification code in the sign-in screen.
Text Messages A text message with a 6-digit code is sent to your mobile device that you will input to complete the authentication process
Phone Calls A call is placed to your mobile phone asking you to verify you are signing in. Press the # key to complete the authentication process.

You will also be asked to set up a backup authentication method. ITS recommends that you use your office phone as a backup, to help you access your account in case you forget or lose your mobile device. 

If you need to update the office phone we have on record, you can do so by filling out the Directory Update form.

How do I change or update my authentication method?

You can make changes to your authentication settings by visiting Microsoft's Security Verification page.

Can I use my Personal Device to set-up MFA?

Yes, ITS encourages faculty and staff to use their personal device for MFA. Using a personal device will require you to have a lockscreen password on your device. 

If I have an elevated account, do I have to enroll in MFA?

Yes, you will be prompted to enroll in Microsoft MFA for each account you own, including elevated accounts.

What if I am not prompted to enroll in MFA?

If you are an ITS staff member in the pilot program and you are not prompted to enroll in MFA, please contact David Abney.

What if I forget my mobile device at home?

If you forget your mobile device at home, you can use your backup authentication method. If that doesn't solve the problem, please contact the Service Desk at or 206-296-5571.

What if I experience issues with MFA?

You can contact the Service Desk at or 206-296-5571 or review Microsoft’s MFA Troubleshooting Page

Contact the Service Desk

Service Desk Hours:

Monday - Friday 7am-7pm
Saturday-Sunday 9am-4pm