MultiFactor Authentication MFA

From IT Public Wiki
Jump to: navigation, search

Multi-Factor Authentication (MFA)

How we use Multi-Factor Authentication

  • Multi-factor authentication (a.k.a. MFA) is a method to help the organization better secure Office 365 access. This additional security is about approving sign-in to your organizational account via using a device that is unique to you. If your professional account has somehow managed to become compromised, the account will not be able to be accessed since 'they' will not have your mobile device to approve the sign-in.

Why use the app when the option for text and/or call is available

  • The primary reason to use the app is that the app does not require you to have a paid cellular plan or for you to be in a place of cell reception. If you are going to use the Microsoft web resources, then you will have internet which the app can connect to. You can always add options for a variety of MFA scenarios. There is nothing saying that you can't sign up to use the app OR text OR phone call.

Steps to take

  • These steps can change without notice. We will do our best to keep this page up to date. Please let us know if a step doesn't make sense.


In your web browser: Open a web browser and go to https://portal.office.com
In your web browser: Log in with your email address
Office 365 Login screen
In your web browser: Log in with your password (username@baycollege.edu AND uniquepassword)
Office 365 Password screen
In your web browser: When prompted that "More information is required" click Next
More info required
You have choices to make!
Choice 1 START:
Set up the MFA Authenticator App:

In your web browser: On the "Additional security verification" page, set the following options:

  • How should we contact you? = Mobile app
  • How do you want to use the mobile app? = Receive notifications for verification
  • Verify that you have selected the appropriate options before continuing
  1. In your web browser: Click the "Set up" button
  2. On your mobile device: Open the Microsoft Authenticator app
  3. On your mobile device: Click the Plus to add a new account
  4. On your mobile device: Select work or school account
  5. On your mobile device: If you are asked to allow the Microsoft Authenticator app to use your camera, select allow
  6. On your mobile device: Point the QR reader at the QR code on the web page
  7. On your mobile device: The Microsoft Authenticator App should automatically add the account
    • If you are having trouble with this step. Close out the Authenticator app and reopen it. Try again.
  8. In your web browser: Wait for the portal web page to verify the setup
  9. On your mobile device: You should get a pop-up on the mobile device asking to Deny or Allow the logon, select Allow
  10. In your web browser: Click Next to Finish the setup
  11. Now when you log into the Office 365 portal https://portal.office.com you will be prompted with an Approve sign-in request page, and you should get a pop-up on your Microsoft Authenticator app to approve the sign in.

Choice 1 END:
Choice 2 START:

  • Set up text message authentication:
  • Click 'I want to use a different method'

Authenticator Select Page
MFA List Options
MFA List
Phone Select Page
Phone Confirmation Page
Phone Enrollment Page
Phone Success Page
Prompt to stay signed in
Main 365
Choice 2 END:

Frequently asked questions

  • Why use the Microsoft Authentication App?
    • The Authenticator app will work wherever you have a Wi-Fi connection. Some places may not have adequate cell signals and you may not be able to receive a text message.
  • Can I be removed from using MFA?
    • The MFA setting is enforced for all users, no exceptions can be made.
  • Will Staff, Faculty, and Students be required to use MFA?
    • Yes
  • Which Bay College applications require MFA?
    • Email
    • SharePoint
    • Office 365 applications including the Office 365 web page
    • OneDrive
    • Teams
    • This list will be expanded as more applications are set up to use MFA
  • I don't have a smartphone, how do I get into my O365 resources?
    • You are able to choose text messages or provide a phone number instead of using the app.
  • How often will I be asked to Approve my sign-ins?
    • Every 180 days
  • How long does the approval last?
    • 180 days. Unless:
    • You sign on a different device
    • You start a different browser or enter a Private (Incognito) browsing session.
  • Why implement MFA?
    • Multi-factor authentication provides better protection for the college and for your security. The potential risk of account high-jacking has grown significantly within the last decade and there does not seem to be an end to this vulnerability. Adopting MFA for the organization is within the business best practices scope. Additionally, many platforms now require that MFA be in place before further adoptions can be made. If we are not compliant with this now, we will be forced to do so due to changes in vendor policies.