Multi-factor authentication is a process in which users are prompted during the sign-in process for an additional form of identification, such as a code on their cell phone or a fingerprint scan.
If you only use a password to authenticate your user account, it leaves an insecure vector for attack. If the password is weak or has been exposed elsewhere, an attacker could be using it to gain access. When you require a second form of authentication, security is increased because this additional factor isn't something that's easy for an attacker to obtain or duplicate.
Azure AD Multi-Factor Authentication works by requiring two or more of the following authentication methods:
- Something you know, typically a password.
- Something you have, such as a trusted device that's not easily duplicated, like a phone or hardware key.
- Something you are - biometrics, like a fingerprint or face scan.
This is the login process for authenticating with Azure AD. Azure AD is used with some of the services that we use in the district. This allows us to have more securityas well as a common account so that you do not need to have many different accounts and passwords set up. The other authentication method that we use a lot is Google Authentication. Azure AD is similar to that. Many financial institutions now require you now to use a 2nd factor, or what is referred to as 2FA or multifactor to use their applications or website now. This adds more security.
Here are some screens that you will see when signing into an application or website that has Azure AD for its authentication.
If you would like to download the Microsoft Authenticator app from your phone or other devices' application store here is a download link for that.
If you would like to use a different authenticator app read further in this article and it will show you how to do that from the text link "I want to use a different authenticator app"
If you don't have a device that you can setup an authenticator app on you can have it call a phone or send an SMS message. read further for these instructions as well.
After installing the Microsoft Authenticator app launch it and press the + to add an account.
Scan the QR code that is on the screen with your device or click can't scan image? and you will get a code that can be long to enter in to pair the two accounts together.
By pressing approve on the screen of your device, you will then complete the multifaceted authentication step. This one was just a test.
You have setup the Microsoft Authenticator app.
If you wanted to use other authenticator applications other than this one like Authy or Google Authenticator. From the instructions above get to the screen that looks like this and click on the text "I want to use a different authentication app"
Open the application that you are going to use and add an account. You can then scan the QR code.
After the paring, you will confirm with a 6-digit code that will refresh every minute. This will test to make sure the random numbers match what is expected.
This completes the 3rd party authenticator applications.
For setting up a phone call or SMS you will get to the screen that looks like this and click on the link for "I want to setup a different method"
Choose Phone from the drop-down.
Enter in a phone number that you can either get SMS messages on or a phone that you can answer like a desk phone.
The phone number that send you a code via SMS will be a short 5-digit phone number. This will text you a 6 digit code like the authenticator app for verification every time.
Example of text me a code.
For phone calls, a call from Midland Public Schools main line will call you and it will ask you do press a button to confirm. After you have completed, this is what it will look like when you sign in to verify.
If you want to modify or add additional forms of authentication after this first option, you can go here and add or remove them. If you remove them all you will be prompted the next time to set one up again. Another form factor for authentication that you can add is a FIDO2 security key. This is a USB key that has security features in it.
https://mysignins.microsoft.com/security-info