Due to increased attempts to compromise student emails, AU's Digital Security team is in the process of introducing multi-factor authentication (MFA) for students within the Microsoft 365 environment across the university, at no cost.
Over the coming months, students will begin to see emails notifying them that MFA is being activated on their Microsoft accounts—including Microsoft Office 365 and Brightspace.
Once students are notified that MFA has been added to their account, they will need to set up one of the available authentication methods (such as the Authenticator app, SMS, or phone call) before accessing any Microsoft 365 applications.
What is multi-factor authentication?
When you sign into many of your online accounts, you may notice a prompt for additional information, such as approving a notification on your phone, entering a code, or answering a call as part of the “authentication” process. This additional step is a security feature designed to prove to the service that you are “you."
Multi-factor authentication is just as it sounds—a second verification method, or a second "factor” that is required to prove who you are. You may have even heard it called “two-step verification.” At AU, we recommend using the Microsoft Authenticator app.
Traditionally when signing into your account, you would have just used your username and password. Unfortunately, that is no longer very secure, as passwords easy to guess, compromised, or reused. And because passwords are hard to remember, people use simple ones or reuse the same one, making your accounts very vulnerable to cyber threats.
MFA requires anyone logging in their O365 accounts to provide extra action, such as clicking an approve button on a linked smart phone, entering a code, or answering a call to prove identity.
When you setup your account for MFA, you will need to provide additional factors (like the linked smart phone app), and use one of those factors when prompted during login. Your password and your linked smart phone app are called factors.
When your MFA setup has been completed, you will also be able to use Self Serve Password Reset (SSPR) to reset your Office 365 and Active Directory password if you are unable to log in.