Frequently Asked Questions about MFA

If your question is not listed below, please contact the Help Desk (helpdesk@kzoo.edu, 269.337.5800), or visit us in the Upjohn Library Commons, room 117.

Basics

What is MFA?

Multi-Factor Authentication (MFA) means using more than one key (e.g. password) to log on to a given service. You are probably familiar with MFA if your bank sends you a text message when you log in.

How does MFA work?

MFA protects your account and protects Kalamazoo College because when you sign in, you prove your identity in two ways: with something you know (a password) and something you have (usually a phone).

How do I get started?

Got one minute? Use this link and add your cell number to confirm your logins via text message: https://aka.ms/MFAsetup. Got two more minutes? Continue at that link and set up the Microsoft Authenticator app.

Implementation

Why is K implementing MFA?

MFA is a standard practice at most colleges, universities, and businesses that allow access to protected information. It helps protect personal and institutional information from theft, cyberattack, and ransomware. Additionally, K must implement MFA by July 1, 2022 to renew our cybersecurity insurance. Use of MFA will be required for all who use K’s Office 365 apps.

What’s the timeline for implementation of MFA?

All students completed MFA enrollment by May 27. The deadline for staff was June 3, 2022. The deadline for faculty was June 17, 2022.

My email stopped working; what do I do?

After enabling MFA on your account, some users find that their email stops synchronizing on their phone. It’s easy to fix: just remove your email account from your phone and re-add it. You can use our instructions for Connecting Email to a Mobile Device.

Day-to-Day

What applications will use MFA?

We are implementing MFA for all Office 365 apps (like email, Teams, Word, etc.). Notably, this list does not include signing into Windows itself, nor does it include Moodle or HornetHQ.

Briefly, Office 365 applications are Microsoft Forms, Microsoft Teams, Office 365 Exchange Online (our email), Office 365 SharePoint Online (including apps that depend on SharePoint online, like OneDrive, Word, Excel, PowerPoint). 

How often will I have to use MFA?

You should expect to see prompts to authenticate with MFA about once every 90 days.

What if I reboot my computer?

Rebooting your computer does not sign you out of the apps on your computer. You should not expect a reboot to trigger an MFA prompt.

What about Colleague? What about VPN?

MFA for Office 365 apps does not change how you will use Colleague or VPN. Continue to use these services as before.

What about my tablet?

You may choose to install the Microsoft Authenticator app for iOS or the Microsoft Authenticator app for Android on a tablet, and use it in addition to (or instead of) a mobile phone. If you use Office 365 apps on your tablet, you may find it convenient to have the Microsoft Authenticator app on your tablet. Having the Microsoft Authenticator app on a tablet in addition to a phone is a good idea, so you can use your tablet to authenticate in case you get a new phone or new phone number.

What authentication method is recommended for MFA?

Information Services recommend that you add your mobile phone as your authentication phone. For your primary authentication method, we recommend the Microsoft Authenticator app for iOS or the Microsoft Authenticator app for Android. It’s easier, quicker, and more secure than text messages.

Should I register more than one device for authentication?

Yes; Information Services recommends you add at least two authentication methods. For most folks, it makes sense to add a mobile phone and the Microsoft Authenticator app. It’s smart to add another method (like the Microsoft Authenticator app on a tablet) as a backup.

If I use Office 365 apps on multiple devices, do I need Microsoft Authenticator on each device?

No. You only need to download the app on one device to be able to authenticate using the Microsoft Authenticator app. For instance, when you log into Teams on a laptop, you can confirm the logon with the Microsoft Authenticator app on your mobile phone. It’s smart to add the Microsoft Authenticator app for iOS or the Microsoft Authenticator app for Android to a second device, in case you have problems with your main device.

Special Circumstances

What if I work at K and I forget my mobile phone at home?

If you have a phone in your office, we suggest you add your office phone as an authentication factor, in case you need to use MFA on a day when your mobile phone is not with you.

What if I’m traveling internationally? What if I don’t have signal or data?

We suggest you download and configure the Microsoft Authenticator app for iOS or the Microsoft Authenticator app for Android before you leave. With it you can sign in without receiving a text message. If your phone is connected to the Internet, you can approve sign-ins via notifications. If your phone is not connected to the Internet, the Microsoft Authenticator app can still generate codes that you can use for authentication.

What if I get a new phone number?

If you have configured a second authentication factor (like the Microsoft Authenticator app for iOS or the Microsoft Authenticator app for Android) you can add your new number (even an international number) at https://aka.ms/mfasetup. You should then remove your old number if that number will not be in your control. If you have already gotten a new phone number and did not previously configure a second authentication factor, please contact the Help Desk.

What if I move my number to a new phone?

If you move your phone number to your new phone, you will continue to receive text message verification messages to that number on the new phone. We recommend you add the Microsoft Authenticator app for iOS or the Microsoft Authenticator app for Android to your new phone as well.

What if I get a new phone and new number at the same time (like on study abroad)?

If you will get a new phone and new phone number at the same time (perhaps upon arrival in a study abroad location), the transition will be straightforward if you bring an existing authentication factor with you (like your old phone, or a tablet to which you’ve added the Microsoft Authenticator app for iOS or the Microsoft Authenticator app for Android). You can add your new number for text verification at https://aka.ms/mfasetup, and approve the sign-in with your existing authentication factor. For example:

  1. Before leaving to get a new phone and new number, add the Microsoft Authenticator app to your old phone (you could also add the app to a tablet and bring that). This will be your existing authentication factor.
  2. Bring the existing authentication factor with you when you get your new phone
  3. When your new phone number is ready to receive text messages, visit https://aka.ms/mfasetup to add your new phone number as an authentication factor.
    • When prompted, approve the sign-in as normal. If you can’t receive a push notification to the app on your existing authentication factor, you can choose to use a verification code. To get this code, open the Microsoft Authenticator app on your existing authentication factor, and tap the entry with your kzoo.edu email address. Use the one-time password code here to approve the sign-in.
  4. When your new phone number is added as an authentication factor, be sure to get the Microsoft Authenticator app for iOS or the Microsoft Authenticator app for Android for simpler, more secure sign-ins.

Additional MFA Questions

Please contact the Help Desk (helpdesk@kzoo.edu, 269.337.5800), or visit us in the Upjohn Library Commons, room 117 for additional questions.