MFA/SSPR Frequently Asked Questions

Overview

The following provides a list of general Frequency Asked Questions regarding Multi Factor Authentication and Self Service Password Reset. 

The list will be updated periodically as more questions are added. 

  1. What is Multi Factor Authentication (MFA)?
  2. Why do we need MFA?
  3. How is MFA being used at Acadia?
  4. What application do I use for MFA/SSPR?
  5. How often do I have to re-authenticate for MFA?
  6. Can I add additional/backup authentication methods?
  7. There are several notification methods, which one should I use?
  8. How do I change my default authentication method?
  9. What if I forget my phone?
  10. How to transfer MFA to a new phone?
  11. Do I need data or Wi-Fi to use the authenticator app on my phone?
  12. What if I use a different SIM card when traveling? Will authentications still work? 
  13. How is my Personal Information protected?
  14. My mobile device was lost or stolen. What should I do?
  15. I just got a new mobile device. What should I do?
  16. Can I setup MFA and trust my device for a period of time? 
  17. I setup MFA according to the guide, but it does not appear to be prompting me?
  18. I received a notification to approve a sign in when I wasn’t trying to log in to a service. What should I do?
  19. Microsoft's FAQ

What is Multi Factor Authentication (MFA)?

Multi-factor Authentication, otherwise known as MFA helps fortify online accounts by enabling a second piece of information to login – like a one-time code.  It can be applied to your home accounts, such as iTunes, Netflix, Google and work accounts, such as Microsoft 365. 

Why do we need MFA?

Passwords alone are easy to hack.  There are many techniques used by bad actors to harvest or guess your password.  We see evidence of this daily. As we adopt cloud-based solutions and applications we gain many benefits.  Global access to applications and data does come with a cost.  Our applications and data are available from anywhere, by anyone with a username and password. Statistically MFA can reduce the likelihood that your account will be compromised by 99.9%.

How is MFA being used at Acadia?

Not all applications and services will require MFA. Initially, only Microsoft 365 will require MFA.  This includes:

  • Email
  • Teams
  • OneDrive
  • SharePoint
  • Office web apps (Word, Excel, etc.)
  • Other M365 applications (accessed via the Microsoft 365 Portal)

What application do I use for MFA/SSPR?

Technology Services recommends using Microsoft Authenticator app. The app is available for free in both Google's Play Store and Apple's App stores. It can be used with your University account as well with personal accounts, such as Instagram, FaceBook and other social media accounts. 

You can use another authenticator app besides the Microsoft app. However, please keep in mind that Microsoft Authenticator is Acadia's recommended and supported authentication app.  Support for other applications will be limited. 

How often do I have to re-authenticate for MFA?

It depends on whether you’re on an Acadia-owned or personal device, what network you’re connected to and how long it's been since you've authenticated.

If you connect using a new computer or device, or a new browser, you will be asked to authenticate. But, you will not continually be asked to authenticate through MFA once you've logged in.  And, as other systems come become a part ot it, you're access will become even smoother. 

Here are some general tips to help reduce how often you’re prompted:

  • When logging in through a web browser on personal devices, select to "Stay signed in". NOTE: Do not do this when using shared or public computers. 
  • Use an Acadia-owned device (for faculty and staff) whenever possible
  • Use desktop/mobile apps instead of a web browser – you’ll be prompted to log in less often if you download apps like Teams, Outlook (for checking email/calendar), and Office Apps (Word, Excel, etc.) directly onto your computer or mobile device instead of using the web versions.

Can I add additional/backup authentication methods?

Yes, you can add additional/backup authentication methods to your account at any time. In fact, we recommend that you have more than one authentication method especially if you have multiple work locations and devices. Go to https://myaccount.microsoft.com

  1. Log in with your email and password if prompted (if you're already logged in to M365, you won't need to log in)
  2. In the Security info section, click Update Info >
  3. Click + Add method.

We suggest that users use the Authenticator app with a phone method as backup.  For travelling, the 6-digit code method works best. All other methods: Auth app Approve/Deny, Phone call, and SMS require cellular or WiFi,  The 6 digit code method via the Auth app does not require any connection for the phone at all.

There are several notification methods, which one should I use?

Technology Services recommends using the Microsoft Authenticator app push notification. We suggest that you also provide at least one other method of contact (ie.mobile phone, landline) to help prevent being locked out of your account if your phone is lost or not with you.
Unlike MFA, SSPR will allow the use of a personal email address as a verification method.
See: Adding Additional MFA/SSPR Authentication Methods.

How do I change my default authentication method?

  1. Go to https://myaccount.microsoft.com
  2. Log in with your Acadia Email and Password if prompted (if you're already logged in to M365, you won't need to log in)
  3. In the Security info section, click Update Info >
  4. Next to Default sign-in method: click Change
  5. Select the method you would like from the drop down then click Confirm

What if I forget my phone? 

If possible, retrieve your device. Or, click "sign in another way" and use your backup method(s).

If you don't have a backup option, and cannot easily retrieve your device, please contact the TS Service Desk. 

Update your security info to include other methods to ensure you have backup methods: Adding Additional MFA/SSPR Authentication Methods including the option of calling your desk phone. 

How do I switch my MFA on a new phone

If you get a new phone, you can switch the MFA to the new device. Follow the instructions for How to transfer my MFA to a new device

Do I need data or Wi-Fi to use the authenticator app on my phone?

No. The Authenticator app provides a verification code option that will work even if you aren't connected to Wi-Fi or using cellular data.  See Microsoft's Authenticator app FAQ for more information.

To use a verification code instead of an approval notification to sign in:

  1. When prompted for MFA, click the 'sign in another way' link
  2. Select the 'Use a verification code from my mobile app' option
  3. Open the authenticator app on your mobile device and click on your Acadia account (displayed as 'Azure AD' followed by your Acadia email address). A one-time password code will be displayed
  4. Enter the one-time password code from the app on the log in screen to finish logging in 

If desired, you can also change your default authentication method to always use verification codes.

The 6-digit code method via the Authenticator app does not require any WiFi or cellular connection for the phone.

What if I use a different SIM card when traveling? Will authentications still work? 

This depends on the method used for MFA - The app-based method with Microsoft Authenticator uses data (mobile and/or WiFi) so it will remain active, however the Authenticator app will continue to produce onetime use codes regardless of data, cell signal or Internet use abilities.
If your phone number changes for any reason, phone calls and SMS (text) push will not function until updated numbers are entered in your account as authentication methods. 

We are also strongly suggesting that anyone traveling abroad or to locations with poor cell service use the Authenticator app via the 6-digit code method. The 6 digit code method via the Auth app does not require any connection for the phone at all. 

How is my Personal Information protected?

Personal Information:  You do need personal information, such as phone number in order to use two step verification authentication to setup. An alternate email is used for Self Service Password Reset (SSPR).  This information is used by Technology Services to support you in terms of identity verification in case of lost/forgotten devices or passwords, or during a cybersecurity breach (i.e. compromised account).   

Microsoft will never call or text or share your number or other Personal Information.

Authenticator App: The Microsoft Authenticator app itself only has permission to send you push notifications and to access the camera when taking a picture of the QR code. It does not give Acadia University access to any of the data on your device or the traffic that passes through it. The Authenticator App is not set to track location of its users. 

The Microsoft Authenticator app is an industry standard form of protection. It attaches your account to a device you own, providing a second factor of authentication to your password. It only exists to confirm your identity with something that is owned and accessed by you only, and to ensure that it is you signing into your account. You can also use Microsoft Authenticator to enable and use MFA for protecting personal accounts (e.g. Facebook and Gmail) which is highly recommended.  

 

My mobile device was lost or stolen. What should I do?

If your mobile device with the Microsoft Authenticator App is lost or stolen, please contact Technology Services to let them know about the loss or theft of the device. Our team will work with you to determine how best to proceed with both the MFA options and the loss of the device.

You should also visit https://myaccount.microsoft.com using one of your alternate MFA methods to deactivate your phone to prevent it from being used to access your account in. This is located in the "Security Info" section.

On the initial set up, you can also create a back up of the authentication app which would give you access to your information in case of a lost or stolen device.

I just got a new mobile device. What should I do?

If you get a new phone, or if you’ve re-installed the Microsoft Authenticator app, you'll need to re-add the app as an authentication method to your account.

To do this, you’ll need to log in using a backup MFA method you already have set up.
If you don’t have a backup method set up or can’t use your backup method, contact the TS Service Desk  for help.

Can I setup MFA and trust my device for a period of time? 

Registering your device with Microsoft Authenticator will enable it to receive push notifications when your account is accessed. However, at the current time, it's not possible to automatically accept the notifications on a trusted device. 

I setup MFA according to the guide, but it does not appear to be prompting me?

After you register and enrol for MFA, there is a process that runs to enable the account.  Once this has run MFA will prompt you to authenticate.  You will receive a confirmation email that MFA is enabled on your account. If you do not receive an email within 24 hours, please contact the Service Desk. Please note that you will not be enabled over the weekend to ensure a smooth transition and that support is available.  

I received a notification to approve a sign in when I wasn’t trying to log in to a service. What should I do?

Do not approve the sign-in and contact the TS Service Desk. Someone might be trying to log in to your account as you.

Note: If a service stops working for you after you deny the login, it was likely you.

You can review your M365 sign-ins at any time in your M365 account portal (https://myaccount.microsoft.com) - click ‘My sign-ins’ in the menu. These details can help you figure out if the device attempting to log in is yours.

If you have any questions or concerns related to a sign-in attempt, please contact the TS Service Desk.

Microsoft FAQs

Microsoft maintains additional FAQ specifically about the Authenticator app.  Click here for more information

0% helpful - 2 reviews

Details

Article ID: 994
Created
Thu 10/29/20 9:07 AM
Modified
Mon 4/25/22 10:50 AM

Related Articles (1)