Multi-factor authentication (MFA) requires users to sign-in using more than one verification method, which helps keep you and the University safe by preventing cybercriminals from gaining access to personal, restricted and confidential information.
St. Cloud State requires MFA for Office 365 accounts, which verifies an individual’s identity through their username/password combination, and device(s) they select (e.g. their mobile phone and/or work phone).
This list of frequently asked questions about multi-factor authentication (MFA) for Office 365 was gathered by St. Cloud State University Information Technology Services. Please direct suggestions for additional questions to HuskyTech at huskytech@ngskmc-eis.net, (320) 308-7000, Miller Center 102).
Sometimes you don't have the phone or device that you set up as your preferred verification method. This situation is why we recommend that you set up backup methods for your account. Follow the steps below to sign in with an alternative method.
After enabling Office 365 MFA your automatic calendar sync in Navigate will fail. To correct the issue, re-sync the calendar by following the instructions. You should only need to re-sync once after enabling MFA.
If you turned on Cloud Backup on your old device, you can use your old backup to recover your account credentials on your new iOS or an Android device. For more info, see the Backup and recover account credentials with Authenticator article.
If Cloud Backup is not enabled, but you are still able to access the “Additional security verification” page for your account http://account.activedirectory.windowsazure.com/Proofup.aspx , Click the “Delete” button next to your old device, then click the “Set up Authenticator app” button to configure your new device following the steps for your phone here:
Android Authenticator App Installation Process
iPhone Authenticator App Installation Process
If you are not able to access your SCSU Office 365 account, please contact HuskyTech at huskytech@ngskmc-eis.net or (320) 308-7000.
On those occasions when you have no direct access to your mobile or alternate phone and are prompted to verify your Office 365 credentials, please contact HuskyTech at huskytech@ngskmc-eis.net or (320) 308-7000.
On those occasions when you have no cellular, WiFi, or wired Internet access and are prompted to verify your Office 365 credentials, you can still use the Microsoft Authenticator app on your phone to view a rolling, one-time password that you can enter as verification. These one-time passwords are generated even when your phone is offline.
Below is a list of common email services that are known to be compatible with Office 365 multi-factor authentication:
Once multi-factor authentication is enabled, you will use a second verification method any time you are asked for your credentials while using any component of Microsoft Office 365. Although you are not asked to sign in and verify frequently when using the installed versions of Office 365 applications, it does happen occasionally.
In most cases, no. When you successfully log in to Office 365, the authentication token or key is saved to that device and unlocks your access for a period of time. After that token expires, you will be prompted to log in using multi-factor authentication. There are several things that can trigger a new login sooner:
When accessing Your SCSU Office365 account through a web browser, there are some options to reduce the number of times that you are prompted to sign in and complete the MFA challenge.
Yes. Your verification methods and phone numbers are stored securely, much like a password. Now that MFA is protecting your account, your personal information is even safer!
No, registering a device gives your device access to SCSU services, but doesn't allow SCSU or Minnesota State access to your device. It’s like SCSU is giving you a key, and you are adding that key to your own personal keyring.
Once enabled, you cannot disable MFA on your SCSU Office 365 account. For issues regarding Office 365 MFA, please contact HuskyTech at huskytech@ngskmc-eis.net or (320) 308-7000.
Even though it may not be obvious, you probably do have valuable information stored in your SCSU Office 365 services, including confidential email messages, attachments, and contact information in Outlook, private files in OneDrive and Teams folders, or personal notes in OneNote. The risk extends beyond stealing data. For example, someone posing as you could send malicious emails from your account and engage in other behavior harmful to you and others if they gain access to your account.
Although it may be frightening to hear, it has probably happened already. Given the scope of recent breaches of popular services such as Dropbox, Chegg, Experian, Target, Adobe, and more, everyone should assume that one of their passwords has been stolen at some point. Although it was probably encrypted, thieves may have attempted to break the encryption. If you didn't use a strong password, they may have already cracked it.
In addition to being caught in data breaches, passwords can be stolen many other ways. For example, through phishing scams or by simply writing it on a piece of paper to be found on a desk, in a wallet, or in the dumpster. Passwords can be intercepted when using unsecured Wi-Fi networks at the coffee shop, airport, or hotel. It is even possible to unknowingly have malware installed on your laptop that could be recording activity and sending it to thieves online. Given these possibilities – and many more – you should always be on the defensive, making sure to follow proper security precautions to protect your accounts.
MFA is a great way to help protect your accounts from compromise due to your password being stolen. Enable MFA for your other personal accounts as well (social media, banking, shopping, email…).