What services will be protected by MFA?
MFA will apply to all services below. Please note this list is subject to change as services are added to Office 365 Single Sign-on.
-
Your Office 365 email account through the web.
-
Office 365 collaboration applications, such as Outlook, Skype for Business, and Teams.
-
Office 365 OneDrive, and any Office 365 client applications that integrate with it, such as Word, Excel, and PowerPoint.
-
MSU Denver web services integrated with office 365 Single Sign-on, such as Canvas, RAVE, Slate, and Academic Works.
Whose accounts will have MFA enabled?
MFA is currently enabled for all student, faculty, and staff accounts.
How do I set up MFA once ITS has enabled it on my account?
Please see How do I set up MFA for the first time using the Authenticator App? Instructions are also provided on Microsoft's support website.
How do I switch to using the Authenticator app instead of receiving a phone call?
Please see How do I switch to using the Authenticator app instead of receiving a phone call?
How often will I need to use my second authentication factor?
Campus network locations and the MSU Denver WiFi network are whitelisted for MFA, so users are only prompted to use their second authentication factor on unsecured or off-campus networks. In these situations, the frequency of MFA prompts will depend on the applications and devices being used. Typical single-computer users on the web version of Outlook should only receive a login prompt once a day, while users on a client version of Outlook (either desktop or mobile app) may see prompts less frequently. Remember that the Office 365 Single Sign-on service allows your login session to persist between applications, e.g. if you're logged in to Canvas and your session is still active (you haven't logged out or timed out due to inactivity), you can open Outlook on the web on the same device without a second login prompt.
Other organizations let me get a code via SMS text message. Why can't I set up MFA that way here?
The National Institute of Standards and Technology (NIST) Special Publication 800-63: Digital Identity Guidelines publication puts both phone- and SMS-based One Time Password (OTP) options on a restricted list, noting that the rise in phone SIM card hijacking has made these authentication methods insecure. The MSU Denver Information Security team has determined phone-based OTP is an acceptable risk but have chosen not to accept the risk of SMS OTP in our environment. In the event phone-based OTP is deprecated by NIST, a migration plan will be created to move anyone using phone-based OTP to an acceptable authentication method.
Can I use my Skype for Business phone number as my second authentication factor?
Yes. However, anyone who works off-site should keep their second authentication factor in mind. Ideally, you should have more than one authentication method set up to make sure you can always verify a second authentication factor no matter where you are. Additional authentication factors can be set up by accessing your Office 365 account online, then navigating to: My Account > Security & privacy > Additional security verification
Can I set up more than one authentication method?
Yes, and ITS strongly encourages it! We recommend setting up a personal phone (either via call or mobile app) as well as your Skype for Business phone. Additional authentication factors can be set up by accessing your Office 365 account online, then navigating to: My Account > Security & privacy > Additional security verification.
What if I don't have a cell phone, or don't want to use my cell phone?
Cell phones are commonly used in MFA environments because they have their own security and are generally associated with one person, allowing them to function as a digital ID badge. While you could use a static phone number instead, this may create situations where you are unable to access your account if you are unable to access this phone. If you do not have a phone, please contact ITS for assistance.
If I authenticate with the Microsoft Authenticator app, will I be charged for the data use?
You will not be charged for data use if your device is on a Wi-Fi connection. Otherwise, please check with your service provider.
If I authenticate with a personal phone number, will I be charged for the call?
Please check with your service provider.
I keep getting prompted to log in on certain phone/computer apps! How do I fix this?
Certain applications require an app-specific password to connect to your Office 365 account. Please visit Microsoft's website for more information on how to create an Office 365 app password.