Office365 Multi-Factor Authentication (MFA)
What is Office 365 Multi-Factor Authentication (MFA)?
Multi-Factor Authentication (MFA) is the most effective way to protect your Microsoft Office 365 account from malicious sign-ins. MFA works by requiring something you know (like a password) AND something you have (like a phone). MFA will prompt you to enter a unique 6-digit verification code sent via SMS text/phone call or approved through the Microsoft Authenticator App. Without being able to provide that “second factor”, malicious actors cannot sign into an account to steal data or send phishing messages. The Information Technology Division (IT) enforces MFA for your Microsoft Office 365 account.
Sign in and click next
Sign into your account with your password, like you normally do. After you choose “Sign in”, you will be prompted for more information. Click next.
MFA Setup Wizard
Choose one of the following options: Authentication phone, Office phone, Mobile app, and then click Set Up.
How to set up your choice
- Authentication phone
- Enter your phone number
- Select the option to have a text message or voice call to the number entered
- Click “Next.”
Note: If you selected “Send me a code by text message,” MFA will prompt you to enter the code sent to your device. Enter the code and click “Verify.” If you selected “Call me,” MFA will display “Verifying phone: Answer it to continue.” The incoming call will display “RESTRICTED.” Answer the call, and follow the instructions.
- Office phone
- Enter your phone number
- Click “Next.” MFA will display “Verifying phone: Answer it to continue.” The incoming call will display “RESTRICTED.” Answer the call, and follow the instructions of which key or keys to enter.
- Mobile app - download the Microsoft Authenticator App from the app store or scan the QR codes below.
- Authentication phone
After Setting Up Multi-Factor Authentication
Whenever you sign into Microsoft 365 from a new location and at regular intervals, you'll be prompted to provide the additional verification information or action, such as typing the verification code provided via text/phone-call or completing an approval through your authenticator app. Each application (Outlook, Teams, SharePoint) will prompt for MFA. It is normal to get multiple MFA prompts during a verification interval.
Additional Important Information
If you receive an unexpected MFA verification text or authenticator app approval request (unexpected as in you are not on a device awaiting MFA entry), DENY the MFA prompt on the authenticator app and immediately change your password through Clever by going to https://sso.browardschools.com (in the top right corner, click on your name, and choose “Change AD Password” in the dropdown menu).
Where can I change my MFA options (ex: phone number, mobile number, or preferences)?
After successfully logging into Office 365, you can edit your MFA options anytime at the following address: https://myaccount.microsoft.com/ .Under Security info, click Update Info. Then choose Add Method.
Sometimes you might not be near the phone or device that you set up as your preferred verification method. To avoid this situation, we recommend that you set up backup methods for your account. You can use the “Add Method” feature to have as many methods as needed.
I can't authenticate using my preferred options, how do I switch to an alternative method?
If you don't have the phone or device that you set up as your preferred verification method with you when prompted, follow the steps below to sign in with an alternative method. You must set these options up prior to their becoming available. See the previous section for more details.
- Sign into Office 365 using your username and password.
- Select Sign in another way.
- You will see different verification options based on how many you have setup. Choose an alternate method and sign in.
If you do not see the options you would like to have, after successfully logging into Office 365, you can add MFA options anytime at the following address: https://myaccount.microsoft.com/. Under Security info click Update Info. Then choose +Add Method.
How do I reconfigure my Phone or Microsoft Authenticator App if I have a lost/new/reset device?
After successfully logging into Office 365, you can update to a new phone anytime at the following address: https://myaccount.microsoft.com/. Under Security info click Update Info.
For your primary Phone: Click “Change” to select a new phone number.
For Microsoft Authenticator: Click the “Delete” button next to your old device, then click “Add method” to set up the Microsoft Authenticator app on your new cell.
What if I'm offline?
On those occasions when you have no cellular, WiFi, or wired Internet access and are prompted to verify your Office 365 credentials, you can still use the Microsoft Authenticator app on your phone to view a rolling, one-time password that you can enter as verification. These one-time passwords are generated even when your phone is offline.
- A message will appear asking to approve a sign-in request.
- The message to verify your identity will be displayed next.
- The Microsoft Authenticator app will open. Choose the arrow next to the @browardschools.com email.
- A one-time passcode will appear for verification.
Do I have to verify my credentials every time I access Microsoft Office 365 services?
In most cases, no. When you successfully log in to Office 365, the authentication token or key is saved to that device and unlocks your access for a period of time. After that token expires, you will be prompted to log in using multi-factor authentication. There are several things that can trigger a new login sooner:
- A change to your Active Directory password
- Logging in using a device that has never accessed your Office 365 account before
- Logging in from another geographical location
- Manually signing out of your Office 365 account the last time you used it
- Using a browser in private browsing mode
Why do I have to use MFA every time I log in?
When accessing your account through a web browser, there are some options to reduce the number of times that you are prompted to sign in and complete the MFA challenge.
- On your personal devices, instead of clicking “Sign out” when done with your Office365 session, just close the tabs you were working in. The next time you go to Office 365, your previous session will be restored.
- Using a private browsing mode (Chrome Incognito, Firefox New Private Window, Edge InPrivate…) will cause an Office365 MFA prompt every time you log in. Switch to a normal browsing tab when using Office365.
- If your browser is set to block all cookies, or you are using another program that blocks cookies, you will be prompted for MFA at every login. Change your settings to reduce MFA.
- When using the same device on the same network, the Office365 desktop apps should not require MFA every time you open them.
Is it safe to give out my cell phone number for MFA?
Yes. Your verification methods and phone numbers are stored securely, much like a password. Now that MFA is protecting your account, your personal information is even safer!
Does adding my account to the Microsoft Authenticator app give BCPS access to my device?
No. Registering a device gives your device access to your Office 365 account, but does not allow BCPS access to your device. It’s like Office 365 is giving you a key, and you are adding that key to your own personal keyring.
If I don't have anything valuable in Office 365, why should I worry?
Even though it may not be obvious, you probably do have valuable information stored in your Office 365 account, including confidential email messages, attachments, and contact information in Outlook, private files in OneDrive and Teams folders, or personal notes in OneNote. The risk extends beyond stealing data. For example, someone posing as you could send malicious emails from your account and engage in other behavior harmful to you and others if they gain access to your account. Recipients of the malicious email will think you have sent them the items, your account can be used to send anything (inappropriate items, pictures, bad reputation items) the attacker wishes to deliver to your contacts.
What are the chances of my password being stolen?
Although it may be frightening to hear if you have used your password with other services, chances are, the attackers already know it. Given our own cyber-attack and the scope of recent breaches of popular services such as Gmail, Yahoo, Experian, Target, Adobe, and more, everyone should assume that one of their passwords has been stolen at some point. Although it was probably encrypted, thieves may have attempted to break the encryption. If you didn't use a strong password, they have already cracked it.
Passwords can be stolen in many other ways. For example, through phishing scams or by simply writing it on a piece of paper to be found on a desk, in a wallet, or in the dumpster. Passwords can be intercepted when using unsecured Wi-Fi networks at a coffee shop, airport, or hotel. It is even possible to unknowingly have malware installed on your laptop that could be recording activity and sending it to thieves online. Given these possibilities – and many more – you should always be on the defensive, making sure to follow proper security precautions to protect your accounts.
MFA is a great way to help protect your accounts from compromise due to your password being stolen. Enable MFA for your other personal accounts as well (social media, banking, shopping, email…). You can use the Microsoft Authenticator App for all of your accounts that accept MFA – O365 is just one of many you can protect!