How to Set Up Multi-Factor Authentication (MFA)

Multi-factor authentication (MFA) is a method of authentication that requires the use of more than one verification method and adds a second layer of security to user sign-ins and transactions. Compromising multiple authentication factors presents a significant challenge for attackers. Even if an attacker manages to learn a user's password, it is useless without also having possession of the additional authentication method. It works by requiring any of the following verification methods after you enter your password:

  • A one-time passcode generated by a token device
  • A phone call with a one-time passcode
  • A smartphone authenticator app with push-notification approval or a one-time passcode
Important: At Missouri State University, MFA is used with Office 365 Education and Admin Banner. As of September 24, 2019, all Admin Banner users must use MFA to log in. Currently, only some departments require the use of MFA with Office 365, but in the future, all Missouri State users will use MFA to keep their accounts secure.

Step-by-Step Guide

Set Up your MFA Options

  1. Open your web browser and navigate to the Microsoft Security Info page: https://www.missouristate.edu/securitysetup
  2. Sign in with your Office 365 Login username and password. This is your BearPass Login followed by the Missouri State domain you were assigned after creating your account, and you will use your regular BearPass password: 
    1. BearPassLogin@MissouriState.edu (faculty/staff with accounts prior to December 11, 2019)
    2. BearPassLogin@Live.MissouriState.edu (students with accounts prior to December 11, 2019) 
    3. BearPassLogin@Login.MissouriState.edu (new faculty/staff/students after December 11, 2019)
    Sign in to Microsoft with Office365 credentials
  3. You will be prompted about staying signed in. Choose No if you are on a public computer.
    Stay Signed In option on the MFA site.
  4. You will be prompted to set up additional information. Click Next.
    "More Information Required" screen with "Next" highlighted.
  5. You will be asked to start by setting up the Microsoft Authenticator application. Click Next to continue. For more information about setting up and using this app, see How to Set Up the Microsoft Authenticator App.
    Microsoft Authenticator setup page

    Please Note: If you do not want to use the Microsoft Authenticator app, you can choose I want to set up a different method and select the Phone option instead. Email is not an authentication option for MFA, but it can be used for self-service password reset (SSPR).
    The Keep your account secure page showing the Microsoft Authenticator option
  6. Once you've downloaded the Microsoft Authenticator app, click Next. Keep this webpage open.
    Microsoft Authenticator Set up your account prompt

  7. Within the Microsoft Authenticator app on your device, select Add Account, then Work or school account.
    Authenticator Work or school account option as shown on an iPhone

  8. The QR scanner will open; use it to capture the QR code that appears on the Keep your account secure page.
    Scan the QR code prompt

  9. Now that the app has been configured, the site will ask you to test it to verify that the app is connected to your account.
    Let's try it out prompt

  10. It will send a push notification to your Microsoft Authenticator app; select Approve within the app to proceed.
    Approve the notification within authenticator as shown on an iPhone

  11. The Microsoft Authenticator app is configured and verified. Select Next to add a second authentication option.
    Notification approved success message page

  12. Select Phone to set up a phone number as an authentication option.

    Please Note: Email is not an authentication option for MFA, but it can be used for self-service password reset (SSPR).
  13. To set up the phone option, enter a phone number where you can be reliably contacted. A cell phone number is recommended, but you can use an office phone number if desired. If you use an office number, however, you will need to be in your office to authenticate with the phone verification option.

    • Select text me to receive a 6-digit code via SMS on your cell phone to verify your phone number. Enter the code on the webpage to proceed.
    • Select call me to receive an automated call to verify your phone number. You will be prompted to select the pound (#) key during the call and this will automatically verify your phone number.

      Phone setup page

  14. After verifying your phone number, select Next.
    SMS Verified page

  15. You have successfully set up two verification options. Click Done to complete the Multi-Factor Authentication setup process.
    Success message showing the two verification methods

How to Log in with MFA

Once MFA is activated on your Office 365 account, your computer must be updated to at least Office 2016. If you are using an older version, such as Office 2013, you will not be able to sign in to Outlook or other applications with Office 365 MFA.
  1. Once MFA has been turned on for your Office 365 and/or Admin Banner account, you will sign in with your Office 365 Login. 
    Logging in to Office365 screen

    Please Note: Once MFA is activated on your Admin Banner account, you will no longer have a separate Banner username and password. You will log in with your Office 365 username and password: abc123@missouristate.edu
  2. You will see a screen similar to the one below when logging in with MFA on both Office 365 and Admin Banner, depending on the preferred verification option you selected above. The example below uses the Microsoft Authenticator app as the preferred option.
    MFA login prompt for Authenticator App

    Please Note: How often you are required to authenticate depends on several factors, including whether you are using a new device, a different browser, a browser in private/incognito mode, etc. You will be prompted to approve sign-in requests for every device that you log in with, including your work computer, laptop, mobile phone, tablet, etc. At a minimum, you will be prompted to authenticate your logins to Admin Banner every seven (7) days and Office 365 every ninety (90) days.
  3. If you are unable to authenticate with your preferred option, you will be able to choose another authentication method from your selected options. Simply select Sign in another way to use a different method.
    MFA sign in verification prompt with "sign in another way" highlighted.
     
  4. Choose one of the available options to approve your sign-on attempt.
    Verify identity options within MFA

You will also need to authenticate every instance where you are signed into an Office365 application. This includes:
  • Outlook on your desktop
  • The Outlook app on your mobile device(s)
  • Office365 online
  • Any Office365 mobile apps or desktop applications, such as OneNote, Teams, Groups, OneDrive for Business, and the Word, Excel, and PowerPoint apps.
  • The native email client on your mobile device, such as Mail on iOS. We highly recommend the Outlook mobile app for the best experience.
    • The native Android email client cannot be used with MFA. Please download the Outlook mobile app instead.

Please contact the Missouri State - Information Security Office if you have any questions or concerns: InformationSecurity@MissouriState.edu

References

Microsoft - How it works: Azure Multi-Factor Authentication
Microsoft - How to Set Up the Microsoft Authenticator App
Microsoft - MFA Setup
Microsoft - Set up 2-step verification for Office 365
Microsoft - Use Microsoft Authenticator with Office 365
Missouri State - Information Security Office

 

