Microsoft Office 365 Multi-factor Authentication
Description
Multi-factor authentication (MFA) requires users to sign-in using more than one verification method, which helps keep you and the University safe by preventing cybercriminals from gaining access to personal, restricted and confidential information.
St. Cloud State requires MFA for Office 365 accounts, which verifies an individual’s identity through their username/password combination, and device(s) they select (e.g. their mobile phone and/or work phone).
Getting Started
Frequently Asked Questions (FAQ)
This list of frequently asked questions about multi-factor authentication (MFA) for Office 365 was gathered by St. Cloud State University Information Technology Services. Please direct suggestions for additional questions to HuskyTech at huskytech@stcloudstate.edu, (320) 308-7000, Miller Center 102).
Where can I change my MFA options (e.g. phone number or preferences)?
I can't authenticate using my preferred options, how do I switch to an alternative method?
Sometimes you don't have the phone or device that you set up as your preferred verification method. This situation is why we recommend that you set up backup methods for your account. Follow the steps below to sign in with an alternative method.
- Sign in to Office 365 using your username and password.
- Select Sign in another way.
- You will see different verification options based on how many you have setup. Choose an alternate method and sign in.
What authentication options are available for SCSU Office 365 MFA?
- Microsoft Authenticator App. This is the recommended method and the easiest to use. Simply approve a push notification on your smartphone to logon.
- Other Authenticator Apps. There are a number of other compatible apps available for smartphones. A 6-digit code is entered in order to logon.
- Cell Phone Text Message. A text message is sent to a cell phone with the 6-digit code required to logon.
- Phone Call. An automated phone call is used to approve the logon. This can go to a cell phone or landline. An office phone can also be used for this option.
- Other Options. If you are unable to use the above options, please Contact HuskyTech for available methods (e.g. physical tokens or fobs).
How do I re-sync my calendar in EAB Navigate?
After enabling Office 365 MFA your automatic calendar sync in Navigate will fail. To correct the issue, re-sync the calendar by following the instructions. You should only need to re-sync once after enabling MFA.
How do I reconfigure my Microsoft Authenticator App if I have a lost/new/reset device?
If you turned on Cloud Backup on your old device, you can use your old backup to recover your account credentials on your new iOS or an Android device. For more info, see the Backup and recover account credentials with Authenticator article.
If Cloud Backup is not enabled, but you are still able to access the “Additional security verification” page for your account https://account.activedirectory.windowsazure.com/Proofup.aspx , Click the “Delete” button next to your old device, then click the “Set up Authenticator app” button to configure your new device following the steps for your phone here:
Android Authenticator App Installation Process
iPhone Authenticator App Installation Process
If you are not able to access your SCSU Office 365 account, please contact HuskyTech at huskytech@stcloudstate.edu or (320) 308-7000.
What if I don't have access to a phone?
On those occasions when you have no direct access to your mobile or alternate phone and are prompted to verify your Office 365 credentials, please contact HuskyTech at huskytech@stcloudstate.edu or (320) 308-7000.
What if I'm offline?
On those occasions when you have no cellular, WiFi, or wired Internet access and are prompted to verify your Office 365 credentials, you can still use the Microsoft Authenticator app on your phone to view a rolling, one-time password that you can enter as verification. These one-time passwords are generated even when your phone is offline.
What email services are compatible with Office 365 multi-factor authentication?
Below is a list of common email services that are known to be compatible with Office 365 multi-factor authentication:
- Microsoft Outlook desktop application for Windows and macOS
- Microsoft Outlook mobile app for Android and iOS
- Gmail app for Android
- Mail app for iOS
- Outlook online through a web browser
Does multi-factor authentication apply to desktop versions of Microsoft Office applications?
Once multi-factor authentication is enabled, you will use a second verification method any time you are asked for your credentials while using any component of Microsoft Office 365. Although you are not asked to sign in and verify frequently when using the installed versions of Office 365 applications, it does happen occasionally.
Do I have to verify my credentials every time I access Microsoft Office 365 services?
In most cases, no. When you successfully log in to Office 365, the authentication token or key is saved to that device and unlocks your access for a period of time. After that token expires, you will be prompted to log in using multi-factor authentication. There are several things that can trigger a new login sooner:
- A change to your StarID password
- Logging in using a device that has never accessed your Office 365 account before
- Logging in from another geographical location
- Manually signing out of your Office 365 account the last time you used it
- Using a browser in private browsing mode
Why do I have to use MFA every time I log in?
When accessing Your SCSU Office365 account through a web browser, there are some options to reduce the number of times that you are prompted to sign in and complete the MFA challenge.
- On your personal devices, instead of clicking “Sign out” when done with your Office365 session, just close the tabs you were working in. The next time you go to Office your previous session will be restored.
- Using a private browsing mode (Chrome Incognito, Edge InPrivate…) will cause an Office365 MFA prompt every time you log in. Switch to a normal browsing tab when using Office365
- If your browser is set to block all cookies, or you are using another program that blocks cookies, you will be prompted for MFA at every log in. Change your settings to reduce MFA.
- When using the same device on the same network, the Office365 desktop apps should not require MFA every time you open them. If they are, please contact HuskyTech at huskytech@stcloudstate.edu or (320) 308-7000.
Is it safe to give out my cell phone number for MFA?
Yes. Your verification methods and phone numbers are stored securely, much like a password. Now that MFA is protecting your account, your personal information is even safer!
Does adding my account to the Microsoft Authenticator app give SCSU or Minnesota State access to my device?
No, registering a device gives your device access to SCSU services, but doesn't allow SCSU or Minnesota State access to your device. It’s like SCSU is giving you a key, and you are adding that key to your own personal keyring.
Can I turn MFA off temporarily or permanently?
Once enabled, you cannot disable MFA on your SCSU Office 365 account. For issues regarding Office 365 MFA, please contact HuskyTech at huskytech@stcloudstate.edu or (320) 308-7000.
If I don't have anything valuable in Office 365, why should I worry?
Even though it may not be obvious, you probably do have valuable information stored in your SCSU Office 365 services, including confidential email messages, attachments, and contact information in Outlook, private files in OneDrive and Teams folders, or personal notes in OneNote. The risk extends beyond stealing data. For example, someone posing as you could send malicious emails from your account and engage in other behavior harmful to you and others if they gain access to your account.
What are the chances of my password being stolen?
Although it may be frightening to hear, it has probably happened already. Given the scope of recent breaches of popular services such as Dropbox, Chegg, Experian, Target, Adobe, and more, everyone should assume that one of their passwords has been stolen at some point. Although it was probably encrypted, thieves may have attempted to break the encryption. If you didn't use a strong password, they may have already cracked it.
In addition to being caught in data breaches, passwords can be stolen many other ways. For example, through phishing scams or by simply writing it on a piece of paper to be found on a desk, in a wallet, or in the dumpster. Passwords can be intercepted when using unsecured Wi-Fi networks at the coffee shop, airport, or hotel. It is even possible to unknowingly have malware installed on your laptop that could be recording activity and sending it to thieves online. Given these possibilities – and many more – you should always be on the defensive, making sure to follow proper security precautions to protect your accounts.
MFA is a great way to help protect your accounts from compromise due to your password being stolen. Enable MFA for your other personal accounts as well (social media, banking, shopping, email…).