What is Multifactor Authentication?
As the name suggests, it uses multiple methods to identify if you’re really who you claim to be. As a user, you’ll have to acknowledge a phone call, text message or app notification to prove your credentials. You’re allowed to access the site/app only after you clear this second authentication as well.
Broadly speaking, MFA authenticates with:
- Something you know, like a password
- Something you have, like a trusted device (cell phone, land line phone or alternate email address)
Such a detailed authentication method offers much better security than mere passwords. This way, even if an attacker hacks your password, it’s useless without other information.
Setting up MFA
The first step in using Multifactor Authentication is to set up a few verification methods. If you don't have additional verification methods set up in your Office 365 account, once MFA is enabled for your account at GU, you will be prompted when you next sign in: "Help us protect your account. Your admin has required that you set up this account for additional security verification." Click "Set it up now."
We strongly recommend setting up more than one verification method. For example, if you travel a lot, consider setting up Microsoft Authenticator and cell phone number. Choose one or more (preferably more) verification methods from the drop-down list.
Use the Authenticator App
The easiest and most secure method for people who frequently have their cellphone handy and don't mind installing additional apps on their phones.
Download the Microsoft Authenticator App from your cellphone's app store. Configure the app by scanning the Barcode on your computer screen. When you log into GU SSO resources in the future, you will type in your username and GU password, then Microsoft will send your Authenticator App a push notification where you press "Approve" or "Deny". The Authenticator App sends your response to the login process to finish the verification process.
Set up a few alternate phone numbers where you can be called for a code
This method will work well for people without a cell phone or those who don't want to install additional apps.
Check the "Call Me" method.
- You will get a call to that number immediately to verify that you have access to that phone.
- Once you put in the verification code, that device will be an active verification method.
When you log into GU SSO resources in the future, you will type in your username and GU password, then Microsoft will call your preferred Authentication Phone, an automated recording will give you a verification code that you will type into the login screen to finish the verification process.
Set up an alternate cell phone number where you can be texted a code
This method is less secure than the Authenticator App option, but will work for people who do not want to install additional apps on their phones.
Check the "Send me a Text Message" method.
- Once you put in the verification code, that device will be an active verification method.
When you log into GU SSO resources in the future, you will type in your username and GU password, then Microsoft will text a verification code to your preferred Authentication Phone that you will type into the login screen to finish the verification process.
Email and Security Questions can NOT be used as verification methods.
There are two other options in the drop-down list: Alternate Email and Security Questions. You can set up an alternate email and security questions in your "My Sign-Ins Security Info" page. Having those pieces of information setup in your account may help you for resetting your password (presuming your account has been enabled for Microsoft password reset). But you will not be able to set an alternate email address or security questions as verification methods.
Changing your Verification Settings
After the initial security set up of your Microsoft Office 365 Security Verification Settings, you can make changes HERE.
When changing your Verification method, you should see the following screen:
If you are using the Microsoft Authenticator
Click on “Change” (circled on the screenshot image in red) by the “Default sign-in method:”. You can then select “Notification” to receive a push notification to your device that asks you to Approve or Deny the authentication request instead of sending a code. Push notifications are both easier and more secure; ITS recommends using this method.