Summary
This article explains how to configure a CCS Microsoft 365 account for use with Mutli-Factor Authentication (MFA).
It is recommended to first read the related article linked below titled Multi-Factor Authentication (MFA) - FAQs for CCS Accounts before attempting to configure MFA in Microsoft 365.
Related Articles
Multi-Factor Authentication (MFA) – FAQs for CCS Accounts & Bigfoot Accounts
Setup Instructions
Additional Security Verification Information
As detailed in the above linked article for MFA FAQs, users will be prompted for additional security details as they access CCS Microsoft 365 services. To complete the initial MFA configuration or to make changes to an existing configuration, navigate to the Additional security verification page.
Security information requested during this process yields an added benefit of self-service password changes or resets directly via Microsoft 365, eliminating the need to request assistance from the IT Support Center during business hours.
After clicking the setup link, a login prompt or an additional security verification page will appear. If not already logged in, follow all prompts to login to Microsoft 365 and proceed to the additional security verification page.
The additional security verification page allows configuration of separate verification options for multi-factor authentication and requires one to be set as the default. Although only one option can be set as default, Microsoft recommends configuring more than one verification method in case the default is unavailable.
Authentication phone
- Considered the least secure method
- Allows a choice of receiving the authentication code through a text/SMS message or a phone call
- Recommended to also enter information for an alternate authentication phone, which is used in instances where the primary authentication phone is not available
- When accessing an Microsoft365 resource requiring multi-factor authentication and the default verification option is set to call or text an authentication phone, the following occurs:
- An MFA prompt appears
- A code is sent to the authentication phone through text or call
- The code must be entered at the MFA prompt
- Access to the resource is granted
- Additional details are available from Microsoft to set up a mobile device as a verification method
Office phone
- Not a recommended method for employee use at CCS. Most MFA scenarios are required off-campus where an office phone is not accessible
- When accessing an Microsoft365 resource requiring MFA with the default verification option set to call an office phone, the following occurs:
- An MFA prompt appears
- A call is generated to the office phone
- The code must be entered at the MFA prompt
- Access to the resource is granted
- Additional details are available in the article from Microsoft to setup an office phone as a verification method
Authenticator app
- Considered the most secure method
- Authenticator is a Microsoft app for iOS or Android and is required to use this option
- Authenticator may be configured to either:
- Receive a notification for verification on the device Authenticator is installed on or
- Use a verification code, which requires opening the Authenticator app, retrieving the code, and typing it into the MFA prompt
- When accessing an Microsoft365 resource requiring MFA with the default verification option set to use the Authenticator app, the following occurs:
- An MFA prompt appears
- Either a notification prompt is sent, or a code is requested from the Authenticator app
- The notification must be accepted, or the code must be entered at the MFA prompt
- Access to the resource is granted
- Additional details are available from Microsoft to set up the Authenticator app as a verification method
Sign-In Experience Using MFA with Microsoft 365
Additional details are available from Microsoft that describe the typical sign-in experience using MFA with Microsoft 365. The experiences differ based on the option chosen as the default authentication method.