About Multi-Factor Authentication (MFA)
What is it?
Multi-Factor Authentication (MFA) means using more than one key (e.g. password) to log on to a given service. You are probably familiar with MFA if your bank sends you a text message when you log in. We are using MFA for all Office 365 apps (like email, Teams, Word, etc.).
MFA is a standard practice at most colleges, universities, and businesses for when those businesses allow access to protected information. It helps protect personal and institutional information from theft, cyberattack, and ransomware. MFA protects your account and protects Kalamazoo College because when you sign in, you prove your identity in two ways: with something you know (a password) and something you have (usually a phone). Additionally, K must use MFA to comply with insurance requirements. Use of MFA will be required for all who use K’s Office 365 apps.
MFA Implementation & Set-Up
- Go to https://aka.ms/MFAsetup before the “completed by” date listed in the MFA implementation schedule.
- For the easiest and most secure method of authentication, download either the Microsoft Authenticator app (Apple App Store) or Microsoft Authenticator app (Google Play).
Using email on a smartphone?
If you use email on a smartphone, you may need to remove and re-add your email account to your mobile device, which will enable modern authentication.
- Frequency of Authentication – Expect to see prompts to authenticate with MFA will occur about once every 90 days.
- Computer Rebooting – Rebooting your computer does not sign you out of the apps on your computer. You should not expect a reboot to trigger an MFA prompt.
- MFA and VPN – MFA for Office 365 apps does not change how you will use Colleague or VPN. Continue to use these services as before.
- Tablets – It may be convenient to have the Microsoft Authenticator app for iOS or the Microsoft Authenticator app for Android on your tablet in addition to your phone. If you do so, you can use your tablet to authenticate in case you get a new phone or new phone number.
- Microsoft Authenticator per Device – You do not need the Microsoft Authenticator on each device you use Office 365 apps. You only need to download the app on one device to be able to authenticate using the Microsoft Authenticator app. For instance, when you log into Teams on a laptop, you can confirm the logon with the Microsoft Authenticator app on your mobile phone. It’s smart to add the Microsoft Authenticator app for iOS or the Microsoft Authenticator app for Android to a second device, in case you have problems with your main device.
MFA Troubleshooting and Tips
Issue: Email stops working
After enabling MFA on your account, some users find that their email stops synchronizing on their phone. It’s easy to fix: just remove your email account from your phone and re-add it. You can use our instructions for Connecting Email to a Mobile Device.
Tip: I don’t have signal or data
We suggest you download and configure the Microsoft Authenticator app for iOS or the Microsoft Authenticator app for Android before you leave. With it you can sign in without receiving a text message. If your phone is connected to the Internet, you can approve sign-ins via notifications. If your phone is not connected to the Internet, the Microsoft Authenticator app can still generate codes that you can use for authentication.
Tip: I got a new phone number and/or a new phone
Just a New Phone Number
If you have configured a second authentication factor (like the Microsoft Authenticator app for iOS or the Microsoft Authenticator app for Android) you can add your new number (even an international number) at https://aka.ms/mfasetup. You should then remove your old number if that number will not be in your control. If you have already gotten a new phone number and did not previously configure a second authentication factor, please contact the Help Desk.
Just a New Phone
If you move your phone number to your new phone, you will continue to receive text message verification messages to that number on the new phone. We recommend you add the Microsoft Authenticator app for iOS or the Microsoft Authenticator app for Android to your new phone as well.
New Number and New Phone at the same time
If you will get a new phone and new phone number at the same time (perhaps upon arrival in a study abroad location), the transition will be straightforward if you bring an existing authentication factor with you (like your old phone, or a tablet to which you’ve added the Microsoft Authenticator app for iOS or the Microsoft Authenticator app for Android). You can add your new number for text verification at https://aka.ms/mfasetup, and approve the sign-in with your existing authentication factor. For example:
- Before leaving to get a new phone and new number, add the Microsoft Authenticator app to your old phone (you could also add the app to a tablet and bring that). This will be your existing authentication factor.
- Bring the existing authentication factor with you when you get your new phone
- When your new phone number is ready to receive text messages, visit https://aka.ms/mfasetup to add your new phone number as an authentication factor.
- When prompted, approve the sign-in as normal. If you can’t receive a push notification to the app on your existing authentication factor, you can choose to use a verification code. To get this code, open the Microsoft Authenticator app on your existing authentication factor, and tap the entry with your kzoo.edu email address. Use the one-time password code here to approve the sign-in.
- When your new phone number is added as an authentication factor, be sure to get the Microsoft Authenticator app for iOS or the Microsoft Authenticator app for Android for simpler, more secure sign-ins.
Tip (K Employees): I forgot my mobile phone at home and I’m at work
If you have a phone in your office, we suggest you add your office phone as an authentication factor, in case you need to use MFA on a day when your mobile phone is not with you.
Having MFA trouble? This Multi-Factor Authentication (MFA) reset form should be used if you are having trouble gaining access to your account via your current MFA methods. Possible scenarios where this could happen include:
- You’ve received a new phone number which is no longer connected to your account.
- A new smart device has prevented your Authenticator application from working properly.
- You aren’t receiving authentication notifications properly.
If we are able to verify your identity against our records, your passwords will be reset within two business days.
After a reset, your next log on will require a new Multi-Factor Authentication method before accessing your account.
MFA Reset Form
Please Login to use this form.
Problems or questions?
Please contact the Help Desk (firstname.lastname@example.org, 269.337.5800), or visit us in the Upjohn Library Commons, room 117 for additional questions.