Microsoft Multi-Factor Authentication (MFA)

To log in to Microsoft to set up your MFA, use the following link:

https://myaccount.microsoft.com and select the Security Info button after logging in.

 

Multi-factor authentication is a process in which users are prompted during the sign-in process for an additional form of identification, such as a one-time code, a push request on a phone or tablet, a physical security key, or a fingerprint scan.

If you only use a password to authenticate your user account, it leaves your account open to attack by hackers or other bad actors. If the password is weak or has been exposed through a compromised system outside of MPS, an attacker could be using it to gain access to your MPS account. When a second form of authentication is required, security is increased because this additional factor is difficult for an attacker to obtain or duplicate.

Conceptual image of the various forms of multi-factor authentication.

Microsoft Multi-Factor Authentication works by requiring two or more of the following authentication methods:

  • Something you know, a password.
  • Something you have, such as a trusted device that's not easily duplicated, like a phone or hardware key.
  • Something you are - biometrics, like a fingerprint or face scan.

This is the login process for authenticating with Microsoft. Microsoft authentication is used with some of the services we use in the district to allow for single sign-on. This provides both more security as well as a common account, reducing the number of accounts and passwords you have to remember. The other single sign-on authentication method used frequently at MPS is Google Authentication. This process is similar to what financial institutions and other organizations are doing world-wide as a minimum to protect accounts, information, and most importantly, people.

Below are some of the screens that you will see when signing into an application or website that uses Microsoft for its authentication.

MS Sign In WIndow

MS Password screen

MS telling user that they need to gather information to complete multifactor authentication.

MS get Microsoft Authenticator app download or use different authenticator app.

One-Time Passcode (OTP) Authenticator App

One of the most popular ways of enabling MFA is through the use of a One-Time Passcode (OTP) Authenticator App. These are applications that run on a phone, tablet, or computer and provide a passcode that will be requested by the service or web page to which you are authenticating.  The instructions below walk you through setting up Microsoft Authenticator, but you can use whichever Authenticator App that you prefer. Other favorite OTP apps are Authy, Google Authenticator, and LastPass Authenticator. If you are already using another of these apps and are having trouble setting up your MFA, please reach out to the help desk and they can assist you with getting set up.

 

If you would like to download the Microsoft Authenticator app for your phone or another device, the download links are below:
 

If you would like to use a different authenticator app read further in this article and it will show you how to do that from the text link "I want to use a different authenticator app"
If you don't have a device that you can setup an authenticator app.

After installing the Microsoft Authenticator app launch it and press the + to add an account.

Setup Microsoft Authenticator app and if shown select "Work or school"

Scan the QR code that is on the screen with your device or click can't scan image? and you will get a code that can be long to enter in to pair the two accounts together.

MS Scan the QR code to pair app to account

MS Let's try it out

By pressing approve on the screen of your device, you will then complete the multifaceted authentication step. This one was just a test.

MS Notification approved

MS Success!

You have setup the Microsoft Authenticator app.

If you wanted to use other authenticator applications other than this one like Authy or Google Authenticator. From the instructions above get to the screen that looks like this and click on the text "I want to use a different authentication app"

MS get Microsoft Authenticator app download or use different authenticator app.

MS authenticator app setup your account.

Open the application that you are going to use and add an account. You can then scan the QR code.

MS Scan the QR code

After the pairing, you will confirm with a 6-digit code that refreshes every minute. This will test to make sure the random numbers match what is expected.

MS confirm with a 6 digit code that will show up on the authenticator app

This completes the OTP authenticator setup.

Using physical security keys to increase protection

A physical security key is a small device that you can buy to help verify it’s you when you sign in. When your identity needs to be verified, you can simply connect the key to your phone, tablet, or computer and press the button when prompted. You can order physical security keys through the help desk.

To sign in to new devices, you may also use the security key built into a compatible phone.

Tip: Security keys help protect your Microsoft Account from phishing attacks when a hacker tries to trick you into giving them your password or other personal information. 

Adding or changing forms of authentication

If you want to modify or add additional forms of authentication after this first option, you can use the link below to add or remove them. If you remove them all, you will be prompted the next time to set one up again. 

https://mysignins.microsoft.com/security-info

 

 

Was this helpful?
0% helpful - 1 review

Details

Article ID: 152059
Created
Thu 11/3/22 3:43 PM
Modified
Wed 1/17/24 2:17 PM