Multi-Factor Authentication for Office 365


Multi Factor Authentication (MFA) is a security feature that requires more than one method of authentication to verify a user’s identity. MFA is important to setup since it will stop any hackers from logging into you accounts even if they obtain or guess your passwords.


How-To Guides

    1. Open a browser on your computer and go to office.ferris.edu. Sign in to your Office 365 for business account.
      mfa1

    2. You should see a window on your computer that looks like this. Click Next.
      mfa2

    3. From the drop-down menu, select Mobile App.
      mfa3

    4. Change the Radio button under Method to Receive notifications for verification.
      mfa4

    5. You now should see a window that looks like this.
      mfa5

    6. **On your phone** go to the App Store (iOS) or Play Store (Android) and search for & download Microsoft Authenticator.
      mfa6

    7. Open the authenticator app and click on the + button in top right-hand corner.
      mfa7

    8. Click on Work or school account.
      mfa8

    9. Your phone should prompt you to allow authenticator app to use your camera. Click Allow.
      mfa9

    10. Point the camera at the QR code on your screen. The app should auto detect and enroll your account.
      mfa10

    11. Go back to your screen and click Next.
      mfa11

    12. Wait for the checking activation status message.
      mfa12

    13. Once you see this page and the message “please respond to the notification on your device”. Check your phone for a new notification of the authenticator app.
      mfa13

    14. Click on the notification.
      mfa14

    15. Unlock your phone and click Approve.
      mfa15

    16. Enter your phone number.
      mfa16

    17. Click on Next. (This password is used for legacy applications that don’t support MFA, refer to our MFA support apps guide if that is required)
      mfa17
    1. After you enter your credentials in the popup window of the outlook client, Microsoft will prompt that it needs more information for enabling MFA just as shown in the screen shot below. Select NEXT.
      mfatxt1

    2. We will first configure the text message/call verification by selecting Authentication Phone and inputting your phone number.
      mfatxt2

    3. You should see the screen as shown below and will get a text from Microsoft with a code to enter. Once you get this code, enter it into the box and hit Verify.

      mfatxt3

    4. After you hit verify you will go to a page that says additional security verification, click Done. (If you need to get into some legacy applications that don’t support MFA, please refer to our MFA support apps guide.)
      mfatxt4


    5. When you hit done you have completed the MFA process and will be taken to a page similar to the on shown below.
      mfatxt5
    1. After you enter your credentials in the popup window of the outlook client, Microsoft will prompt that it needs more information for enabling MFA just as shown in the screen shot below. Select NEXT.
      mfacall1

    2. We will first configure the call verification by selecting Authentication Phone and inputting your phone number. Select Call me for Method, then select NEXT.
      mfacall2


    3. You will now receive a call to the number that you entered in the previous step.
      mfacall3


    4. Microsoft will call you. It will ask you to press pound (#) to confirm your log in. Press pound (#) on your device to confirm.



    5. Click on DONE. (This password is used for legacy applications that don’t support MFA, refer to our MFA support apps guide if that is required)
      mfacall4
  • The one-time passwords are needed for older devices or applications that do not support MFA. The password can only be used once, every additional legacy application needs a new password.

    1. Navigate to office.ferris.edu in your browser and type your email address into the box. Hit next and enter in your account password. Hit the sign in button.
      mfaguide1
      MFA Sign In Box
      MFA Sign In Password

    2. Once logged into your account you will see a screen like the image below; click your account name on the top right of your screen.
      mfaguide2

    3. Once you have clicked on your account name you will see three different option “My Office Profile”, “My account”, and “Sign out”. Click on the “My Account” tab.
      mfaguide3

    4. After clicking “View Account”, a new tab will open, click on “Security info” from the left-hand menu or click on the “UPDATE INFO" link.
      mfaguide4

    5. After clicking on either “Security info” or “UPDATE INFO” the page will refresh to allow you to add new authentication methods
      mfaguide5

    6. Next, click on the “Add method” and then select “App passwords” from the dropdown menu then click “ADD
      mfaguide6
      MFA App Password

    7. You will be asked to provide a name for the application to use this password
      mfaguide7

    8. Enter in the name you would like for the application and click next.

      mfaguide8
    9. Then the page will show you your App password; use this password to login to the legacy application.
      MFA App Password
    1. Navigate to office.ferris.edu in your browser and type your email address into the box. Hit next and enter in your account password. Hit the sign in button.
      mfachange1
      MFA Sign In
      MFA Sign In Password

    2. Once logged into your account you will see a screen like the image below; click your account name on the top right of your screen.
      mfachange2

    3. Once you have clicked on your account name you will see two different options “View account”, and “My Office Profile” Click on the “View Account” tab.
      mfachange3

    4. After clicking “View account”, a new tab will open click on the “Security info” from the left-hand menu or click on the “UPDATE INFO ” 
      mfachange4

    5. After clicking on either “Security info” or “UPDATE INFO” the page will refresh to allow you to add/delete/change authentication methods
      mfachange5

    6. Select “change” as shown in the image below
      mfachange6
    7. You will see the popup where you can change your default method for authentication. Choose your preferred method from the dropdown menu and hit “Confirm” button to save.
      MFA Change Default

      MFA Change Default

      MFA Change Default
    1. To enable Multi-Factor Authentication (MFA) on your office 365 account, please visit the following link and follow the included instructions. Below is a screenshot of the form you will need to fill out and submit to enable MFA.

      Volunteer Image 1

      If the user wants to enable Multifactor Authentication at that time they will need to answer Question 1 by selecting “Yes” and submitting the Microsoft Form. Which will then present them with the below screenshot:
      Volunteer Image 2

    2. Once the Microsoft Form has been submitted the user will receive the following email once the automated system enables Multifactor Authentication on their Office 365 account:
      Volunteer Image 3

    3. The user will now need to log into office.ferris.edu to setup their Multifactor Authentication Settings:
      Volunteer Image 4
      Volunteer Image 5
      Volunteer Image 6
      Volunteer Image 7

      Following the onscreen prompts the user can configure Multifactor Authentication for a Phone Call, Text Message, or by using the Microsoft Authenticator Application for iOS or Android devices.

      The user can review this video so see all the options prior to the enrollment process: https://www.microsoft.com/en-us/videoplayer/embed/RE2MmQR?autoplay=false


Videos

What is: Multi-Factor Authentication (MFA)
Setup MFA On Your Phone

FAQs

  • Multi-Factor Authentication (MFA) refers to an additional layer of security that is added to the login process when you access your Ferris State University resources and applications.

    MFA relies on two forms of authentication: something you know, and something you have with you. The something you know is your password. The something you have can be a mobile device or hardware token or app code. This means that even if your password is compromised, your account will remain secure. 

    Learn more about Microsoft’s Multi-Factor Authentication on their Overview Page.

  • MFA is required in certain offices on campus at this time depending on their HIPAA/FERPA/PCI interactions. The IT Services department has implemented MFA for all current employees.

  • MFA will be rolled out across campus by division. We are starting with just a couple at a time to ensure that our processes and procedures work to ensure all users can successfully register and use the MFA app or other options to authenticate. At this time students are not included in the roll out plan.

  • The current settings require reauthentication of your Office 365 account every 30 days.

  • Credential harvesting via phishing emails is a high risk to everyone.  Stolen credentials are commonly used to not only impersonate a user, or to access the user’s data externally, but also to infiltrate an organization in an attempt to gain further access into critical systems.  In order to mitigate these risks and protect the college’s employee/student data, MFA is being implemented to keep your account and the University's data safe.

  • You will be prompted to select a primary authentication method when you register, but this can be changed at any time. The options are listed below:

    Verification Method Description
    Mobile Notification (Microsoft Authenticator App Required) A push notification is sent to the authenticator app on your smartphone asking you to authenticate your log in using your Ferris credentials.
    Verification Code (Microsoft Authenticator App Required) The Microsoft Authenticator app on your smartphone will generate a verification code that updates every 30 seconds. You will be prompted to enter the most current verification code on the sign-in screen.
    Text Messages A text message is sent to your mobile device with a 6-digit code that you will input into the sign-in screen to complete the authentication process.
    Phone Calls A call is placed to the phone number you provided during registration asking you to verify you are signing in. Press the # key to complete the authenticaiton process.

    You will be prompted to setup a backup authentication method during registration. IT Services recommends that you use your office phone as a backup, in the event you forget or lose your mobile device.

     

  • Authentication is a process of identifying the user who they claim to be, this process involves a key pair which only the user knows like their username (email address/id/etc.) and password (an alphanumeric string with special characters). This process is needed to provide access to the system they need for their day-to-day tasks, such as accessing email, MyFSU, canvas, and other technologies.

  • No, you do not need a Smartphone to set up MFA. You only need a phone where you can receive calls and text messages as described in the link below.

    https://www.ferris.edu/it/security/office365mfa/index.htm

  • Once MFA is enabled you will be asked to enroll your default MFA as shown in the screenshot below.

  • You can find information on our dedicated MFA web page

    https://www.ferris.edu/it/security/office365mfa/index.htm

  • Please follow the instructions as mentioned in the link below to change/switch MFA from one to another.

    https://www.ferris.edu/it/howto/mfa-change.htm

  • Office 365 occasionally re-authenticates automatically over time (they called it token refreshing). Every time this happens, you would see a popup window on your computer and it also came with a prompt or new code on your phone.

    You should always double-check if there’s a popup window on your computer before approving any request.

  • If you have registered an alternative phone number/device for MFA, you could use them to access your account and then remove the lost device.

    If the lost device is the only device registered for MFA, you will need to contact ITSC to reset your account settings.

  • If you have registered an alternative phone number/device for MFA, you could use them to access your account.

    If you don’t have any alternative devices and it is an emergency, please contact ITSC to reset your account settings and access assistance.

  • Yes, you can still use MFA while abroad using the Authenticator App.

    If you’re using SMS as an MFA method, please keep in mind that your phone must have services in the country you are in to get the access code via SMS.