Multifactor Authentication FAQ
Below you will find FAQs about multi-factor authentication with Microsoft 365 applications, including email. Please let us know in the comments below if you have additional questions about using Microsoft 365 applications with multi-factor authentication that are not covered in this article. Thanks!
- What is Multi-Factor Authentication (MFA)?
- Why are we adding MFA?
- Why do this now?
- Who is currently impacted by MFA?
- What applications/systems are currently protected with MFA?
- How often do I have to re-authenticate?
- How do I enroll in MFA?
- What are my authentication options?
- I am traveling abroad, what is the best authentication method?
- How do I set up the Microsoft Authenticator App on my phone?
- How do I set up a FIDO2 Security Key?
- How do I change or update my authentication method?
- Can I use my Personal Device to set up MFA?
- What if I forget/lose my mobile device?
- What if I experience issues with MFA?
What is Multi-Factor Authentication (MFA)?
Multi-Factor Authentication (MFA) refers to an additional layer of security that is added to the login process.
MFA relies on two forms of authentication: something you know, and something you have with you. The something you know is your password. The something you have with you can be a mobile device or hardware token. This means that even if your password is hacked, your account will remain secure.
Learn more about Microsoft’s Multi-Factor Authentication on our Overview Page.
Why are we adding MFA?
Cybercriminals are getting bolder about compromising the valuable data held within all sectors across the globe. Authenticating to our domain systems with a username and password alone leaves your account vulnerable to hijacking attempts. Schools, businesses, and private organizations (like Amazon and Google) are implementing stronger layers of cybersecurity in the form of more modern and secure access methods.
Why do this now?
There are many reasons that many businesses need to proceed at this time with adding multi-factor authentication to verify your identity when accessing Microsoft applications:
- Microsoft is continuing with plans to move to Modern Authentication in October, which means that some devices and browsers may stop working when secure application access is required.
- One of the top security compromises is through email. Many people have compromised their email accounts by unwittingly clicking on a fraudulent or phishing email, oftentimes causing major losses financially and of personal information.
As some of us continue to work and learn from home, it is more important than ever that we all help safeguard both personal information and customer private data.
Who is currently impacted by MFA?
MFA is required for all staff, guests and temporary employees working outside one of our networked branches. If you are not on the PRM network in a branch office, MFA is required.
What applications/systems are currently protected with MFA?
Anytime you see a Microsoft sign-in page you will need to authenticate your account:
How often do I have to re-authenticate?
Default Settings for Applications: For each desktop and mobile application used, you will be prompted for MFA once until you perform one of the actions listed below, then you will receive the MFA prompt again.
Default Settings for Browsers: For each browser you use, you will be prompted for MFA once and as long as you say "yes" to stay signed in, you will not receive an MFA prompt until you perform one of the actions below. If you select "no" on stay signed in, then you will not be prompted for MFA until you close your browser window.
IT recommends selecting “yes” to the browser prompt below, to receive fewer authentication requests and stay signed into your regularly used device. Otherwise, you will be prompted again for MFA when you close and reopen your browser.
Examples of actions that will cause Microsoft to prompt for MFA:
- Switching to a new browser
- Switching to a new device
- If a device, browser, or Office desktop/mobile application is not used for 90 days or more
- Resetting your PRM password
- Clearing browser cookies (or using a browser that is set up to clear cookies after it is closed or is set up not to save any cookies)
- Not selecting “Yes” on the “Keep me signed-in” pop-up box
- Signing out of a Microsoft 365 application
- Using an incognito/private browser window
- Having two or more Microsoft school or work accounts registered with your Windows device
- IT revoking MFA sessions if your device is lost or stolen
- Your MFA settings are cleared and require you to re-register with MFA
- When Microsoft prompts you to “Allow my organization to manage this device”
- Microsoft verifying your password recovery information is still correct once every 180 days
- Microsoft labels the user as a risky user based on sign-in activity and will prompt MFA again to ensure security
- "Impossible Travel": if your account is signed in from somewhere it is not geographically possible to travel to in the time allowed (e.g. logging into your account from Oregon and someone else tries logging into it from Florida a minute later)
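The "Impossible Travel" trigger above can be illustrated with a simple speed check between consecutive sign-ins for the same account. This is an added example, not part of the original FAQ and not Microsoft's detection logic; the 900 km/h speed limit, the 100 km minimum distance, the `SignIn` record and the sample sign-ins are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0  # assumed limit: roughly airliner cruise speed
MIN_KM = 100.0   # assumed floor: ignore geolocation jitter within one region

@dataclass
class SignIn:  # hypothetical record, not a Microsoft log schema
    user: str
    when: datetime
    lat: float
    lon: float

def haversine_km(a, b):
    """Great-circle distance between two sign-in locations, in km."""
    dlat = radians(b.lat - a.lat)
    dlon = radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def impossible_travel(events, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Return (earlier, later, implied_kmh) for each pair of consecutive
    sign-ins by one user that implies a speed above max_kmh."""
    flagged, last_seen = [], {}
    for ev in sorted(events, key=lambda e: e.when):
        prev = last_seen.get(ev.user)
        last_seen[ev.user] = ev
        if prev is None:
            continue
        km = haversine_km(prev, ev)
        if km < min_km:
            continue
        # Clamp to one second so simultaneous sign-ins do not divide by zero.
        hours = max((ev.when - prev.when).total_seconds(), 1.0) / 3600.0
        if km / hours > max_kmh:
            flagged.append((prev, ev, km / hours))
    return flagged

# Constructed sample sign-ins (not real log data), approximate city coordinates.
SAMPLE = [
    SignIn("alice", datetime(2024, 5, 1, 9, 0), 45.52, -122.68),  # Portland, Oregon
    SignIn("alice", datetime(2024, 5, 1, 9, 1), 25.76, -80.19),   # Miami, Florida, 1 minute later
    SignIn("bob", datetime(2024, 5, 1, 9, 0), 45.52, -122.68),    # Portland
    SignIn("bob", datetime(2024, 5, 1, 18, 0), 25.76, -80.19),    # Miami 9 hours later: a plausible flight
    SignIn("carol", datetime(2024, 5, 1, 9, 0), 45.52, -122.68),  # Portland
    SignIn("carol", datetime(2024, 5, 1, 9, 5), 45.43, -122.77),  # nearby suburb, under MIN_KM
]
```

Only the Oregon-to-Florida pair one minute apart is flagged; the same trip nine hours apart and the short local hop are not.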
How do I enroll in MFA?
Add your security information to self-register here
What are my authentication options?
You will be able to choose a primary authentication method when you register, which you can change or update at any time. IT recommends using the Microsoft Authenticator app push notifications as it works internationally and provides a better user experience. International users should use the Microsoft Authenticator Application via their phone. Current options are outlined below:
| Verification Method | Description |
| --- | --- |
| Mobile Notification (Microsoft Authenticator Application Required) | A push notification is sent to the authenticator app on your smartphone asking you to authenticate your login. (This option is recommended for all users) |
| Verification Code (Microsoft Authenticator Application Required) | The mobile Microsoft Authenticator app will generate a verification code that updates every 30 seconds. You will be asked to enter the most current verification code in the sign-in screen. |
| Text Messages | A text message with a 6-digit code is sent to your mobile device that you will input to complete the authentication process. |
| Phone Calls | A call is placed to your mobile phone asking you to verify you are signing in. Press the # key to complete the authentication process. |
| FIDO2 Security Keys | FIDO2 security keys are an unphishable standards-based passwordless authentication method usually consisting of a USB dongle connected to your device, but could also be Bluetooth or NFC. |
You will also be asked to set up a backup authentication method. IT recommends that you use your office phone as a backup, to help you access your account in case you forget or lose your mobile device.
If you need to update the office phone we have on record, you can do so by navigating to the Security Basics on your Microsoft Profile.
I am traveling abroad, what is the best authentication method?
Anyone who is traveling abroad should use the Microsoft Authenticator Application on their device. Text messages and phone calls may not be accessible during travel. Wi-Fi is required to authenticate.
How do I set up the Microsoft Authenticator App on my phone?
Use our How to use the Microsoft Authenticator app guide or watch Microsoft’s How to register for Azure Multi-Factor Authentication. For questions regarding the Microsoft Authenticator App, please refer to Microsoft's Authenticator page.
How do I set up a FIDO2 Security Key?
You would need to purchase a device if you would like to set up this method of authentication. You can find a list of supported FIDO2 devices here. Use the link to Register the FIDO2 Security Key to add a FIDO2 security key to your account. IT can assist with any questions.
How do I change or update my authentication method?
You can make changes to your authentication settings by visiting Microsoft's Security Verification page. For instructions, follow our How to use the MS Authenticator App Guide.
Can I use my Personal Device to set up MFA?
Yes, IT encourages the use of a personal device for MFA.
What if I forget/lose my mobile device?
If you forget your mobile device at home, you can use your backup authentication method. If that doesn't solve the problem, please contact us at [email protected] or 503-905-4910.
What if I experience issues with MFA?
For assistance, please review Microsoft’s MFA Troubleshooting Page or you can contact us at [email protected] or 503-905-4910.