Audience: Franklin University members with Multi-Factor Authentication enabled on their Office 365 accounts
Disclaimer: The results and functionality of the following article only apply to audience listed above
This article contains the following topics:
- What is multi-factor authentication?
- First-time enrollment in MFA
- Replacement Phone or Lost Phone
- Creating an app password for 3rd party application (read this if you are having trouble syncing your email to a mobile app)
- Further reading/FAQ
What is Multi-Factor Authentication?
Multi-factor authentication (MFA), sometimes knows as two-factor authentication, adds an extra layer of security to your Office 365 account by requiring a secondary sign-in verification by way of a text message, automated phone call, or prompt from a mobile app whenever you sign in to your account from a new device or after certain periods of time. One of the primary goals for enabling this feature is to decrease the likelihood of your account becoming compromised. With MFA enabled, even if someone possessed knowledge of your password, they would still not be able to access your account unless they also possessed your secondary authentication method.
First Time Enrollment
By setting up MFA, you add an extra layer of security to your Microsoft 365 account sign-in. For example, you first enter your password and, when prompted, you also type a dynamically generated verification code provided by an authenticator app or sent to your phone.
Sign in to Microsoft 365 with your work or school account with your password like you normally do. After you choose Sign in, you'll be prompted for more information.
The default authentication method is to use the free Microsoft Authenticator app. If you have it installed on your mobile device, select Next and follow the prompts to add this account. If you don't have it installed there is a link provided to download it.
If you would rather use SMS messages sent to your phone instead, select I want to set up a different method. Microsoft 365 will ask for your mobile number, then send you an SMS message containing a 6-digit code to verify your device.
Tip: For a faster, and more secure, experience we recommend using an authenticator app rather than SMS verification.
Once you complete the instructions to specify your additional verification method, the next time you sign in to Microsoft 365, you'll be prompted to provide the additional verification information or action, such as typing the verification code provided by your authenticator app or sent to you by text message.
Note: Generally you'll only need the additional verification method the first time you sign into a new app or device, or after you've changed your password. You probably won't be asked for the additional verification code on a daily basis, unless your organization requires it.
What to expect after initial configuration:
For the next several days after enrollment, you may intermittently experience reprompts to log in to various applications on your computer (Outlook, Word/Excel, OneDrive, Teams, Skype). This is expected and it is because there is a delay in your PC recognizing the new authentication method.
Any mobile apps that you are using with your Franklin University credentials will most likely re-prompt you to log in and use your secondary verification method.
I Have a Replacement Phone or I Lost My Previous Phone
If you have a new phone and you were already using a text message for your 2 factor authentication, you should be all set. However, if you are using an authenticator app, it will likely require a small configuration change so that the app on the new phone is synced to your account.
1. Log into https://myaccount.microsoft.com/
- If you do not have access to a computer or phone with a logged in session of Office365 email in your browser, you may need to log in to this site using an alternate method. Instructions for doing so are in the Lost Phone section below.
2. Click on the tile entitled Security Info with the link to Update Info.
3. Here you can click on Add method to add an additional authenticator app, which will provide the needed QR code.
- Helpful hint: It is a good idea to enroll your phone number as an alternate sign-in method for text messages, even when the authenticator app is used as the default method.
If you have lost your phone, you can still log in if you have enrolled other alternate methods of receiving multi-factor verification (assuming you have obtained a replacement device). To test this, try to access your email.
1. When you are taken to the sign in page for Franklin University during the log in process, enter your username and password. When you see the screen regarding 2 factor authentication taking place, click on the Sign in another way link.
- If you do not have access to an alternate method after clicking the Sign in another way link (as shown above), you may need to contact the Help Desk to reset your multi-factor authentication and to delete your old devices. Contact methods for the Help Desk can be found at helpdesk.franklin.edu.
2. You can then, click on Devices tab in the left hand menu to delete any devices with active sessions, such as the lost or stolen phone.
Creating an App Password for 3rd Party Applications
Some applications (including several mobile email clients such as Apple's default iOS mail client) do not support Microsoft's "modern authentication" protocol, and thus are not able to send a verification prompt to you when you attempt to sign in. Because of this, you will be unable to use MFA to sign in to these types of apps with your email account. As a workaround, you can create an app password to use instead of your actual password for these types of situations.
To create an app password:
- Log in to https://myaccount.microsoft.com/
- Click on "Update info" under the "Security info" tab
- Click on "Add method"
- Change the drop down to "App password"
- Click on "Add"
On the following screen, you will be able to generate an app password. When you create one, it will prompt you to give it a name to help you remember why you created it. A good suggestion is to use the name of the app you're connecting to.
After you create the password, it will display the password for you. This is the only time you are able to view this password. At this point, you will want to input this password into the app you are trying to sign into instead of your regular password. Please note that it may take a few minutes for this password to be usable, so you may need to wait before entering it into your application. Once this is configured, your app should sync with your email from then on (unless you completely reset the application or device).
Further Reading from Microsoft
What happens if I lose access to all of my verification methods and I am unable to log in to my account?
- You may contact the Help Desk and request that MFA be reset so that you can enroll a new verification method. Contact methods for the Help Desk can be found at helpdesk.franklin.edu.