Multi-Factor Authentication for Office 365

1. Open a browser on your computer and go to office.ferris.edu. Sign in to your Office 365 for business account.
   
   
   
2. You should see a window on your computer that looks like this. Click Next.
   
   
   
3. From the drop-down menu, select Mobile App.
   
   
   
4. Change the Radio button under Method to Receive notifications for verification.
   
   
   
5. You now should see a window that looks like this.
   
   
   
6. **On your phone** go to the App Store (iOS) or Play Store (Android) and search for & download Microsoft Authenticator.
   
   
   
7. Open the authenticator app and click on the + button in top right-hand corner.
   
   
   
8. Click on Work or school account.
   
   
   
9. Your phone should prompt you to allow authenticator app to use your camera. Click Allow.
   
   
   
10. Point the camera at the QR code on your screen. The app should auto detect and enroll your account.
    
    
    
11. Go back to your screen and click Next.
    
    
    
12. Wait for the checking activation status message.
    
    
    
13. Once you see this page and the message “please respond to the notification on your device”. Check your phone for a new notification of the authenticator app.
    
    
    
14. Click on the notification.
    
    
    
15. Unlock your phone and click Approve.
    
    
    
16. Enter your phone number.
    
    
    
17. Click on Next. (This password is used for legacy applications that don’t support MFA, refer to our MFA support apps guide if that is required)
    

1. After you enter your credentials in the popup window of the outlook client, Microsoft will prompt that it needs more information for enabling MFA just as shown in the screen shot below. Select NEXT.
   
   
   
2. We will first configure the text message/call verification by selecting Authentication Phone and inputting your phone number.
   
   
   
3. You should see the screen as shown below and will get a text from Microsoft with a code to enter. Once you get this code, enter it into the box and hit Verify.
   
   
   
   
4. After you hit verify you will go to a page that says additional security verification, click Done. (If you need to get into some legacy applications that don’t support MFA, please refer to our MFA support apps guide.)
   
   
   
   
5. When you hit done you have completed the MFA process and will be taken to a page similar to the on shown below.
   

1. After you enter your credentials in the popup window of the outlook client, Microsoft will prompt that it needs more information for enabling MFA just as shown in the screen shot below. Select NEXT.
   
   
   
2. We will first configure the call verification by selecting Authentication Phone and inputting your phone number. Select Call me for Method, then select NEXT.
   
   
   
   
3. You will now receive a call to the number that you entered in the previous step.
   
   
   
   
4. Microsoft will call you. It will ask you to press pound (#) to confirm your log in. Press pound (#) on your device to confirm.
   
   
   
   
5. Click on DONE. (This password is used for legacy applications that don’t support MFA, refer to our MFA support apps guide if that is required)
   

1. Navigate to office.ferris.edu in your browser and type your email address into the box. Hit next and enter in your account password. Hit the sign in button.
   
   
   
   
   
2. Once logged into your account you will see a screen like the image below; click your account name on the top right of your screen.
   
   
   
3. Once you have clicked on your account name you will see two different options “View account”, and “My Office Profile” Click on the “View Account” tab.
   
   
   
4. After clicking “View account”, a new tab will open click on the “Security info” from the left-hand menu or click on the “UPDATE INFO ” 
   
   
   
5. After clicking on either “Security info” or “UPDATE INFO” the page will refresh to allow you to add/delete/change authentication methods
   
   
   
6. Select “change” as shown in the image below
   
7. You will see the popup where you can change your default method for authentication. Choose your preferred method from the dropdown menu and hit “Confirm” button to save.
   
   
   
   
   

Adding additional MFA methods is always a safer way to access your account in case one method is not responsive. ITS will only reset MFA methods and will not manually add in additional methods for a user. If a user wishes to have multiple MFA methods see below on how to add additional MFA methods to your account.

1.  Navigate to office.ferris.edu in your browser and type your email address into the box. Hit Next and then enter your account password. Hit the “sign in” button.                     

  

  

2.  Complete your MFA approval step. [ NOTE: This step may vary based on your default MFA option.]

3.  Once logged into your account you will see a screen like the image below; click your account name on the top right of your screen.
  

4.  Once you have clicked on your account name you will see two different options “View account”, and “My Office Profile” Click on the “View Account” tab.
  

5.  After clicking “View account”, a new tab will open click on the “Security info” from the left-hand menu or click on the “UPDATE INFO >”  
  

6.   After clicking on either “Security info” or “UPDATE INFO>” the page will refresh to allow you to add new authentication methods

  

7.  Next, click on the “Add method” and then select a method from the dropdown menu then click “ADD”

    

8.   Follow the on-screen instructions to finish the addition of the new MFA method 

It is a good practice to always keep your MFA options up to date, you can access all your MFA options by following the steps below

1.  Navigate to office.ferris.edu in your browser and type your email address into the box. Hit Next and then enter your account password. Hit the “sign in” button.                     

  

  

2.  Complete your MFA approval step. [ NOTE: This step may vary based on your default MFA option.]

3.  Once logged into your account you will see a screen like the image below; click your account name on the top right of your screen.
  

4.  Once you have clicked on your account name you will see two different options “View account”, and “My Office Profile” Click on the “View Account” tab.
  

5.  After clicking “View account”, a new tab will open click on the “Security info” from the left-hand menu or click on the “UPDATE INFO >”  
  

6.   After clicking on either “Security info” or “UPDATE INFO>” the page will refresh to allow you to view all your MFA options. Here you can add/modify/delete MFA options or change the default sign-in method.

  

For authentication using TOTP or Physical OTP token, IT services/your department will provide you with a physical token that will be used for authentication after MFA is enabled on the account using Physical token. If a user is unable to perform their MFA method ITS will only reset the MFA methods on the user’s account. If that user is only configured with a Hardware Token such as an OTP token the customer will need to utilize the OTP token to log into Office 365. If that token is not in the possession of the user it is the responsibility of the user to retrieve it. If the hardware token is lost, stolen, or damaged the user will need to contact the ITSC to submit a service request.

If you are assigned a TOTP or Physical OTP token for authentication, then you will be asked to provide the 6 digit token displayed on the screen after you enter your credentials as described below.

1.  Navigate to office.ferris.edu enter your email address in the username section and click next then enter the password and click Sign in.

  

2.  Now the login screen will ask you to enter the TOTP key as displayed on the physical token after pressing the Power button. 

  

Note: If for some reason you are unable to click verify click on the sign-in another way and select enter code from authenticator app and repeat the process to log in again.

If you would like to use a Yubikey for authentication please follow the instructions below. Note before you can add Yubikey we recommend adding an alternate method for MFA authentication as we noticed sometimes the Yubikey doesn’t work as expected in our environment.

 

1.  Navigate to office.ferris.edu enter your email address in the username section and click next then enter the password and click Sign in.

 

  

2.  Once logged into your account you will see a screen like the image below; click your account name on the top right of your screen.

3.  Once you have clicked on your account name you will see two different options “View account”, and “My Office Profile” Click on the “View Account” tab.

4.  After clicking “View account”, a new tab will open click on the “Security info” from the left-hand menu or click on the “UPDATE INFO >”  

5.  After clicking on either “Security info” or “UPDATE INFO>” the page will refresh to allow you to add/delete/change authentication methods 

6.  Click on Add Method and select Security Key from the dropdown options then click “Add”

7.  Then follow the onscreen instructions by clicking on the Next button

Select the type of security key you are using. In this instance, we are using a USB device

After selecting the type of Key you will be prompted by a series of screens that will guide you through the setup process. Most of the security keys follow almost the same setup. When you click the Next button the screen will refresh and will prompt you to plug in the USB if it has not been plugged in already.

Click Ok to allow the security key to be set up with your account

Click Ok to finish the last setting for your security key

If this is your first time setting up the security Key it will ask you to set up a pin which can be any number. then click on ok button

Note: Please remember this number as it will be used for future setups or logins

Enter the desired name for your security key and click on the Next button

The next screen shows you that you have successfully set up using the Security key. Click Done to complete the process.

1.   Navigate to Office.ferris.edu then click on Sign-in options as shown below

2.   Plugin your security Key to the computer then select the option to sign in with a security key

3.   Enter the pin you have used to set up the security key

4.   Touch the security key to authenticate with your account 

5.   You have now successfully logged into your account using the security key 

Multi-Factor Authentication (MFA) refers to an additional layer of security that is added to the login process when you access your Ferris State University resources and applications.

MFA relies on two forms of authentication: something you know, and something you have with you. The something you know is your password. The something you have can be a mobile device or hardware token or app code. This means that even if your password is compromised, your account will remain secure. 

Learn more about Microsoft’s Multi-Factor Authentication on their Overview Page.

MFA is required in certain offices on campus at this time depending on their HIPAA/FERPA/PCI interactions. The IT Services department has implemented MFA for all current employees.

MFA will be rolled out across campus by division. We are starting with just a couple at a time to ensure that our processes and procedures work to ensure all users can successfully register and use the MFA app or other options to authenticate. At this time students are not included in the roll out plan.

The current settings require re-authentication of your Office 365 account every 120 days.

If you share content from Office 365 into Canvas such as OneDrive links and your students are getting “Permission Errors” when attempting to click on the link you’ll need to re-log into Canvas to resolve this issue.

Credential harvesting via phishing emails is a high risk to everyone.  Stolen credentials are commonly used to not only impersonate a user, or to access the user’s data externally, but also to infiltrate an organization in an attempt to gain further access into critical systems.  In order to mitigate these risks and protect the college’s employee/student data, MFA is being implemented to keep your account and the University's data safe.

You will be prompted to select a primary authentication method when you register, but this can be changed at any time. The options are listed below:

Verification Method	Description
Mobile Notification (Microsoft Authenticator App Required)	A push notification is sent to the authenticator app on your smartphone asking you to authenticate your log in using your Ferris credentials.
Verification Code (Microsoft Authenticator App Required)	The Microsoft Authenticator app on your smartphone will generate a verification code that updates every 30 seconds. You will be prompted to enter the most current verification code on the sign-in screen.
Text Messages	A text message is sent to your mobile device with a 6-digit code that you will input into the sign-in screen to complete the authentication process.
Phone Calls	A call is placed to the phone number you provided during registration asking you to verify you are signing in. Press the # key to complete the authentication process.

You will be prompted to setup a backup authentication method during registration. IT Services recommends that you use your office phone as a backup, in the event you forget or lose your mobile device.

 

Authentication is a process of identifying the user who they claim to be, this process involves a key pair which only the user knows like their username (email address/id/etc.) and password (an alphanumeric string with special characters). This process is needed to provide access to the system they need for their day-to-day tasks, such as accessing email, MyFSU, canvas, and other technologies.

No, you do not need a Smartphone to set up MFA. You only need a phone where you can receive calls and text messages as described in the link below.

https://www.ferris.edu/it/security/office365mfa/index.htm

Once MFA is enabled you will be asked to enroll your default MFA as shown in the screen shot below.

You can find information on our dedicated MFA web page

https://www.ferris.edu/it/security/office365mfa/index.htm

Please follow the instructions as mentioned in the link below to change/switch MFA from one to another.

https://www.ferris.edu/it/howto/mfa-change.htm

Office 365 occasionally re-authenticates automatically over time (they called it token refreshing). Every time this happens, you would see a popup window on your computer and it also came with a prompt or new code on your phone.

You should always double-check if there’s a popup window on your computer before approving any request.

If you have registered an alternative phone number/device for MFA, you could use them to access your account and then remove the lost device.

If the lost device is the only device registered for MFA, you will need to contact ITSC to reset your account settings.

If you have registered an alternative phone number/device for MFA, you could use them to access your account.

If you don’t have any alternative devices and it is an emergency, please contact ITSC to reset your account settings and access assistance.

Yes, you can still use MFA while abroad using the Authenticator App.

If you’re using SMS as an MFA method, please keep in mind that your phone must have services in the country you are in to get the access code via SMS.

You could have more than one device/number registered for the MFA. It is better (but not required) to have 2 devices or more for MFA in case you have lost/forgot one.

No, you don’t have to remove the old device(s) to add a new one. You only need to remove a device if you are no longer have access to it.

Ø  Please follow the instructions as mentioned in the “Adding Additional MFA Methods” section above.

Ø  Please follow the instructions as mentioned in the “Access My MFA methods” section above.

Ø  Some of the alternatives for not using a personal number to set up MFA are to use an office phone number or using the authenticator app which is free of cost for MFA.