Microsoft Multi-Factor Authentication (MS MFA) - Frequently Asked Questions (2024)

Overview

1. What is Microsoft Multi-Factor Authentication (MS MFA)?
2. How does Microsoft Multi-Factor Authentication (MS MFA) work?
3. Why should I use Microsoft Multi-Factor Authentication (MS MFA)?
4. Do I have to use Microsoft Multi-Factor Authentication (MS MFA) to access my account?
5. What devices are supported to register for Microsoft Multi-Factor Authentication (MS MFA)?
6. Which Universityservices or systems currently require Microsoft Multi-Factor Authentication (MS MFA) for login?
7. How often will I have to use Microsoft Multi-Factor Authentication (MS MFA)?
8. Why can't I use email as a second factor?

Setup & Activation

1. How do I get started?
2. How many devices can I enroll in Microsoft Multi-Factor Authentication (MS MFA)?
3. What if I do not have a mobile device?

Usage

1. How do I manage or edit my Microsoft Multi-Factor Authentication (MS MFA) devices?
2. How do I authenticate with my smart phone app if I don't have cell signal, data, or Wi-Fi connection?
3. My account is locked out. What should I do?
4. How Much Data Does a Microsoft Authenticator Request Use?
5. Why Have I Stopped Receiving Push Notifications From Microsoft Authenticator App?
6. What If My Phone Does Not Have Internet or Cell Service?
7. Does Using Microsoft Authenticator App Give Up Control of My Smartphone?

Help & Additional Guidance

1. I don’t have my Microsoft Multi-Factor Authentication (MS MFA) device with me.What can I do?
2. What do I do if I get a Microsoft Multi-Factor Authentication (MS MFA) push notification on my device when I didn't log in?
3. Can I use the app on my smart phone without affecting my data plan?
4. I replaced the phone that I had registered in Microsoft Multi-Factor Authentication (MS MFA). What should I do now?
5. What should I do since I lost my device that I use to authenticate with Duo?
6. Why have I stopped receiving push notifications on the Duo Mobile app?
7. My iOS mobile device is running an older iOS and I am unable to install the Duo Mobile application from the App Store. What do I do?
8. How do Hardware Tokens Work?
9. How Much Data Does a Microsoft Authenticator Request Use?
10. Why Have I Stopped Receiving Push Notifications From Microsoft Authenticator?
11. What If My Phone Does Not Have Internet or Cell Service?

What is Microsoft Multi-Factor Authentication (MS MFA)?

Microsoft Multi-Factor Authentication (MS MFA), also known as Two-Step Verification, provides an extra layer of security in addition to passwords.This additional step ensures that your information, transactions or online work is safer from unauthorized access by requiring a second method of authentication, such as a phone, code or other registered device, to verify your identity.Even if someone obtains your password, they cannot access your account without having your registered Two-Step device.

How does Microsoft Multi-Factor Authentication (MS MFA) work?

Microsoft Multi-Factor Authentication (MS MFA), also known as MS MFA or "Two-Step Verification" uses mobile technology to send an authentication request to your registered device.When you log into SSO, a notification will be sent immediately to your smartphone or other registered device.You simply tapApproveon the screen if using the authenticator app or use a numerical code sent to your device, which verifies that you are the person logging in and your access will be available.

Why should I use Microsoft Multi-Factor Authentication (MS MFA)?

Microsoft Multi-Factor Authentication (MS MFA) provides extra protection for the sensitive information our systems contain in case you are a victim of phishing or hacking. If someone steals your credentials and tries to access your account, your user name and password will not be sufficient to log in. The thief will also need to have access to your device to complete the log in process. If someone else tries to log in to your account, you will be notified on your device and you candenythem access instantaneously. Starting Spring 2021, all Microsoft Services will require MS MFA. Services include campus email, OneDrive, and the Office suite of products.

Do I have to use Microsoft Multi-Factor Authentication (MS MFA) to access my account?

MS MFAwill be required for all Microsoft products including campus email, OneDrive, and the Office suite. This includes both web accessed services and University installed desktop software(Outlook, Word, Excel, etc). MS MFAis also required for CMS HR and CMS ES Administrative users.

What devices are supported to register for Microsoft Multi-Factor Authentication (MS MFA)?

• iOS devices (iPhone, iPad, iPod)
• Android devices (phone, tablet)
• Other cell phones (non-smart phones) and landline telephones
• It is also possible to use an Internet-based phone service (VoIP) like Google Voice to receive calls and text pass codes.See our articleCreating a Free Google Voice Number for Use with Microsoft MFA.

Whichservices or systems currently require Microsoft Multi-Factor Authentication (MS MFA) for login?

MS MFAwill be required for all Microsoft products including campus email, OneDrive, and the Office suite. This includes both web accessed services and University installed clients (Outlook, Word, Excel, etc). MS MFA will also be required for CMSHR and CMS ES Administrative Users. For these users, all CMSrelated services (CMSHR, CMSES, Time Entry, Time Approval, Employee Center, Faculty Center, Student Center, ID Lookup, etc.) will require MS MFA.

How often will I have to use Microsoft Multi-Factor Authentication (MS MFA)?

Each time you open a new browser session and access Campus Single Sign-On (SSO), you’ll be required to sign in and use Multi-Factor Authentication. If the SSOor Beachboard browser sessions are still open after locking your computer, the session will still continue without signing into MFAagain. For security reasons, this is only recommended on a device that isn’t shared. For University licensed Microsoft software installed to your device (personal or University-owned), you'll be prompted forMFA approval upon first login; however, your successful MFA login will be remembered and you won't be prompted again unless you've been inactive in that application for 90 days or you change your password. For installed, University-licensed Microsoft software (Outlook, OneDrive, Office, etc.), this one-time MFA process will be experienced on personal and/or university-owned computing devices(computers and mobile devices).

Whycan't I use email as a second factor?

Having a second-factor verification sent to a designatedemail address is not considered to be a safe method, as it can more easily be intercepted by a cyber criminal. Email accounttakeovers are a common form of cybercrime. Using a personal mobile device app or phone number are in your physical possession and therefore less likely to be in possession by a cybercriminal. As a point of reference, major online account service providers like Google andApple do not allow email as a second factor method.

How do I get started?

After MS MFA is enabled for the campus, you will be presented with a set-up screen when accessing any University provided Microsoft service. These articles illustrate the activation process:

Configuring Your Account for Microsoft Authenticator App
Configuring Your Account for Call/Text Messages

How many devices can I enroll in Microsoft Multi-Factor Authentication (MS MFA)?

Microsoft Multi-Factor Authentication (MS MFA) lets you register multiple devices to your account, so you can always access your account even if one device is temporarily unavailable.We recommend a maximum of three devices.

What if I do not have a smart phone or mobile device?

Although use of the Microsoft Authenticator app on a mobile device is recommended, you can register a mobile phone to receive calls, or text messages. You can also register a land-line or office telephone to receive calls. Additionally, it's possible to use an Internet-based phone number (VoIP), such as Google Voice, which can be access on a computer. See our articleCreating a Free Google Voice Number for Use with Microsoft MFA.

How do I manage or edit my Microsoft Multi-Factor Authentication (MS MFA) devices?

Please refer to this article that describes how to change your two-factor verification method and settings.

How do I authenticate with my smart phone app if I don't have cell signal, data, or WiFi connection?

If you cannot use a “Push” or “Call,” use a “Passcode.” You can generate a passcode in theMicrosoft Authenticator app. If you don’t have the app, you can enroll to receive a SMS text message or phone call.

My account is locked out. What should I do?

The most common reason why your account is locked is because you have entered an incorrect password for your Beach ID account or the Two-Step has failed at least 5 times.Please contact the THD at (562) 985-4959orhelpdesk@csulb.edu.

I don’t have my Microsoft Multi-Factor Authentication (MS MFA) device with me.What can I do?

Contact the Technology Help Desk (THD) at (562) 985-4959 for assistance.

What do I do if I get a Microsoft Multi-Factor Authentication (MS MFA) push notification on my device when I didn't log in?

If you get a push notification from the Microsoft Authenticator app that you did not request, that means someone else is trying to log in using your account and your Beach IDaccount may have been compromised.Tap the Deny button in your Microsoft Authenticator app or take no action if a code is pushed to your device. This denial will keep them out.

If none of these options work, please contact the Technology Help Desk at (562) 985-4959 for assistance.

Can I use the app on my smart phone without affecting my data plan?

To use the app with no impact on your data plan, you must first connect to a WiFi network. Use the Microsoft Authenticator app to generate a one-timepasscodeyou can use to log in to your account.Using the passcode requires no data usage on your plan.

I replaced the phone that I had registered in Microsoft Multi-Factor Authentication (MS MFA). What should I do now?

If your phone number is the same:

• Install theMicrosoft Authenticator app and ensure you're configured to use the app with your University account. You'll be able to receive Call/Text messages if you've configured your account to receive these types of second factors.

If your phone number changed:

• If you have an alternate/backup device enrolled in Microsoft Multi-Factor Authentication (MS MFA):

  • Please refer to this article that describes how to change your two-factor verification method and settings.

*If you do not have an alternate/back-up device enrolled, call the THD at (562) 985-4959.*

What should I do since I lost my device that I use to authenticate with MS MFA?

Contact the THD at (562) 985-4959immediately if you lose your phone or suspect it has been stolen. They will disable your phone from being able to authenticate with Microsoft Multi-Factor Authentication (MS MFA) and help you log in using another device.

Why have I stopped receiving push notifications on the Microsoft Authenticator app?

You may have trouble receiving push requests if there are Wi-Fi issues between your mobile device and Microsoft Authenticator app.Many mobile phones have trouble determining whether to use the WiFi or cellular data when checking for push requests. Simply turning the phone to airplane mode and back to normal operating mode often resolves these issues. Similarly, the issue may be resolved by turning off the Wi-Fi connection on your device and using the cellular data connection. If these two methods do not resolve the issue, contact THD at (562) 985-4959orhelpdesk@csulb.edu.

My mobile device is running an older operating system and I am unable to install the Microsoft Authenticatorapplication from the App Store. What do I do?

You may need to upgrade to a newer iOS or Android version to install the mobile app.

How do Hardware TokensWork?

Tokens are provided on an exception basis for employees. Please contact your Administrative Services Manager (ASM) if you require a hardware token. A hardware token will work the same as using your MS Authenticator App to generate a code, which can be used to enter on-screen, when prompted.

How Much Data Does a Microsoft Authenticator Request Use?

Microsoft Authenticator authentication requests require a minimal amount of data -- less than 2KB per authentication. For example, you would only consume 1 megabyte (MB) of data if you were to authenticate 500 times in a given month. If your device is connected to WiFi, no mobile data will be used. If you use the code generated by theMicrosoft Authenticator App, no data will be used.

Why Have I Stopped Receiving Push Notifications From Microsoft Authenticator?

There are several reasons this could be happening. Please try the following to troubleshoot:

1. Make sure your enrolled device has a cellular network or WiFi connection.
2. Have the Microsoft Authenticator app open when you authenticate.
3. If the above solutions don’t work, try using another authentication method, such as passcodes provided in the Microsoft Authenticator app.

What If My Phone Does Not HaveCell Service?

You can use the Microsoft Authenticator app to generate a one-time passcodeto use without Internet or cell service.

Does Using Microsoft Authenticator Give Up Control of My Smartphone?

No. The Microsoft Authenticator app has no access to change settings or remotely wipe your phone. The visibility Microsoft Authenticator requires is to verify the security of your device, such as operating system version, device encryption status, screen lock, etc. Microsoft uses this to help recommend security improvements to your device. You always are in control of whether or not you take action on these recommendations.