Top

Articles in this section

See more

Multi-Factor Authentication for Office 365 and Other Applications

Avatar
Colin Luther
Updated
Follow

Audience: Franklin University staff, faculty, adjuncts, students, and alumni.

Disclaimer: The results and functionality of the following article only apply to audience listed above

Topics:

  1. What is Multi-Factor Authentication (MFA)?

  2. Setting Up MFA and MFA Types

     - Passkey

     - Authenticator App

     - Call or Text Message

  3. Replacement Phone or Lost Phone
  4. FAQs

 

What is Multi-Factor Authentication?

Multi-factor authentication (MFA), sometimes knows as two-factor authentication, requires a secondary sign-in verification after entering your password to provide an extra layer of privacy protection. MFA is used for your email, Canvas, Self Service, and more.

MFA is required for all student, staff, and faculty accounts. As it is a regulatory requirement, it is not optional and we will not bypass it for your account. 

One of the primary goals for enabling this feature is to decrease the likelihood of your account becoming compromised. With MFA enabled, even if someone possessed knowledge of your password, they would still not be able to access your account unless they also possessed your secondary authentication method.

 

Setting Up MFA and MFA Types

When you first gain access to your student or employee account, you will be prompted to setup your MFA. The following MFA methods are listed below in order of their security ability. We recommend using a passkey for the best results, but all listed methods are allowed at this time. 

1. Setting Up and Using a Passkey - Suggested Method

A passkey lets you use MFA with your phone's identity management such as your fingerprint or face scan on your phone. It is the most secure method that we recommend using as your primary MFA method. 

  • Steps 1 - 3 below show first time setup. MFA prompts after setup are shown in Step 4. 

Important: The example below shows using the Microsoft Authenticator app. However, other apps, including Apples built in password manager, some browsers, and other authenticator apps will also work for storing passkeys.

1. When signing in, choose that your account is a Work or School account, rather than a personal account (if asked).

2. If presented with this screen or similar screen, press Next

  • Keep in mind that the prompts may vary somewhat based on the storage app or location for your passkey. The screenshots below may not match exactly, but the root process is still the same.

IMG_3280.PNG

3. Follow the on-screen prompts to setup and store your passkey in your phone or mobile device. If using the Authenticator app, choose within the account listed Create a passkey

IMG_3279.PNG

4. When prompted in the future for MFA, it will appear in the form of an MFA code. Scanning that code with your phone or mobile device (with the saved passkey) will then trigger your fingerprint scan or face scan on your phone to serve as your MFA. Press Next to be presented with that QR code. 

Passkey 4.png

 

2. Using an Authenticator App (Microsoft Authenticator is the preferred app)

Even if you have set up a passkey (as shown above), you can also setup Microsoft Authenticator as a backup MFA method. Use the following page to setup another MFA method. https://mysignins.microsoft.com/security-info. Otherwise you can be presented with this option when first setting up your MFA. 

1. When signing in, choose that your account is a Work or School account, rather than a personal account (if asked). 

2. Download the free Authenticator app from Microsoft using the App Store or Google Play. 

3. On your computer, when prompted for another MFA option, choose Microsoft Authenticator

6a.png

4. Follow the prompts to be presented with a QR code. 

7a.png

5. Within the Microsoft Authenticator app on your mobile device, use this button to add a new account by scanning that QR code. 

8a.PNG

6. This will complete your MFA setup. When next logging in, you may be prompted to use Authenticator for MFA. After selecting this option (as shown directly below), a code will appear on screen and your Authenticator app will ask you to enter that code to complete your MFA. 

9a.png

 

3. Using a Text Message or Phone Call

Even if you have set up a passkey (as shown above), you can also setup call or text message as a backup MFA method. Use the following page to setup another MFA method. https://mysignins.microsoft.com/security-info. Otherwise you can be presented with this option when first setting up your MFA. 

1. When prompted for another MFA option, choose Alternate Phone to receive a call or text MFA code. 

4a.png

2. Next you can setup your phone number for call or text MFA.

3a.png

 

Franklin University does not support use of a secondary email account for MFA. 

 

After first enrollment, for the next several days after enrollment, you may intermittently experience re-prompts to log in to various applications on your computer (Outlook, Word/Excel, OneDrive, Teams). This is expected and it is because there is a delay in your PC recognizing the new authentication method.

Any mobile apps that you are using with your Franklin University credentials will most likely re-prompt you to log in and use your secondary verification method.

 

I Have a Replacement Phone or I Lost My Previous Phone

Replacement Phone

If you have a new phone and you were already using a text message for your 2 factor authentication, you should be all set. However, if you are using another method for MFA, it will likely require a small configuration change so that the app on the new phone is synced to your account. 

1. Log into https://mysignins.microsoft.com/security-info on your computer. 

  • If you do not have access to a computer or phone with a logged in session of Office365 email in your browser, you may need to log in to this site using an alternate method. Instructions for doing so are in the Lost Phone section below. 

2. Here you can click on Add method to add an additional authenticator app, which will provide the needed QR code.

  • Helpful hint: It is a good idea to have multiple MFA methods added to your account. 

Add_Method.jpg

 

Lost Phone

If you don't currently have access to your phone, you can still log in if you have enrolled other alternate methods of receiving multi-factor verification (assuming you have obtained a replacement device). To test this, try to access your email.

1. When you are taken to the sign in page for Franklin University during the log in process, enter your username and password. When you see the screen regarding 2 factor authentication taking place, click on the Sign in another way link. 

Sign_in_Other_Way.jpg

  • If you do not have access to an alternate method after clicking the Sign in another way link (as shown above), you may need to contact the Help Desk to reset your multi-factor authentication and to delete your old devices. Contact methods for the Help Desk can be found at helpdesk.franklin.edu.

2. You can then, click on Devices tab in the left hand menu to delete any devices with active sessions, such as the lost or stolen phone. 

https://myaccount.microsoft.com/device-list 

Devices.jpg

 

 

FAQs

1. What happens if I lose access to all of my verification methods and I am unable to log in to my account?

  • You may contact the Help Desk and request that MFA be reset so that you can enroll a new verification method. Contact methods for the Help Desk can be found at helpdesk.franklin.edu.

2. Can I get an MFA exemption if I am traveling or lost my phone?

  • No, we can help reset MFA, but will not be able to bypass it for you. MFA is a regulatory requirement and is not optional. 

3. If using an authenticator app for MFA, does it have to be the Authenticator app from Microsoft?

  • No. While we recommend using the Microsoft Authenticator app, there are many other options that will also work for MFA. 

4. Can I use MFA codes sent to an alternate email as my MFA method?

  • No, Franklin University does not support use of a secondary email account for MFA. 

5. What if I do not have access to a secondary device for MFA (no phone right now)?

  • While a secondary device (most commonly a phone) is recommended for MFA, alternatively you can download a free authenticator app onto your computer or in your computer browser as a workaround. Then, those authenticator apps can be configured like an authenticator app on your phone (see video and article sections above for comparison). Below are a few screenshot examples from The Microsoft Store and Chrome
    • Franklin University does not directly recommend or support an computer software or browser MFA setup on your computer. Instead, we recommend using a phone as described above in this article. The apps shown in the screenshots below are examples only. Therefore, we do not have MFA applications for a computer that we directly support at this time. If you are not using a phone for MFA, please proceed at your own risk. 

Authenticator App from Microsoft Store.png

Authenticator Apps from Chrome Web Store.png

 

 

Further Reading from Microsoft

 

 

Wish to log a request with the Help Desk? Use your Franklin University username and password to login: Log A Request