Introduction
In 2021, there were over 150 known accounts that were compromised (via malware, phishing, social engineering) across all KIPP regions nationally, including over 50 accounts at our organization. Compromised accounts include those of teachers, payroll managers and school leaders. When an account is compromised, attackers will use that account to send emails to other users in order to compromise other accounts.
Multi-Factor Authentication (MFA) provides an additional layer of security that is added to your login process. MFA relies on 2 forms of authentication: something you know (password) and something you have with you (mobile phone). You may have already been required to set up MFA for personal accounts outside of the KIPP environment, such as entering a code to log into your bank account. Another simple example of MFA is having to enter your ZIP code when you use a credit card to buy gas.
Effective January 2022, we are now enforcing MFA for Microsoft Office 365 email (Outlook) to reduce the risk of our accounts being compromised by attackers.
How do I enroll in MFA?
After the Tech team notifies you that they are enabling MFA on your account, the next time you are required to log in to a Microsoft email application, you will be prompted to complete the enrollment process. See below for more details.
What are my authentication options with Microsoft Applications?
Microsoft Authenticator Mobile Notification - A push notification which you can quickly acknowledge is sent to the authenticator app on your smartphone asking you to authenticate your login. (This works with Apple Watches too.)
Microsoft Authenticator Verification Code - The Mobile Microsoft Authenticator app will generate a verification code that updates every 30 seconds. You will be asked to enter the most current verification code in the sign-in screen.
Note - Please make sure to use the Authenticator app instead of phone SMS. The Authenticator app is more secure and will provide more information if an MFA prompt is triggered by an attack. If you have already enrolled with SMS or phone call, please switch to Microsoft Authenticator using these instructions.
Will MFA be required when using my smart device (phone/tablet)?
Yes. You will be prompted whenever you have to re-enter your password (most likely when you change it) for any email application that you installed.
Will I be required to use Outlook on my smart device, or can I still use my device's native email client?
As long as you've been updating your device to the latest iOS or Android versions, you can continue to use the native client on your device. We highly recommend moving to Outlook to enjoy all its benefits and advantages.
I want to use the Microsoft Authenticator App because I like being able to acknowledge the notification vs typing in a code every time but what happens when I get a new device?
You can back up the Microsoft Authenticator application configuration by following this link.
I just got an MFA request but I didn't just type my password. Is there a glitch?
Double check that there is not a window hidden somewhere on your laptop. If there is nothing, this is a sign that an attacker may have stolen your credentials. If you are using the Microsoft Authenticator app, select Deny to block the request.
If you receive a phone call saying "Thank you for using the Microsoft's sign-in verification system. Please press the pound key to finish your verification." and you did NOT attempt to sign in, DO NOT press the # key to allow the request.
MFA is preventing the attacker from compromising your Microsoft account, but you should reset your password and contact the Tech team immediately.
How often will I be required to put in MFA?
To stay signed in and receive fewer authentication requests, select "Yes" to stay signed in on your regularly used device. You should only do this on your work computer. You should never do this on a shared computer.
After setting up MFA, you should not be prompted frequently for MFA. The following is a list of example actions that may cause you to be prompted for MFA.
- After initial setup, applications on your laptop and smartphones will prompt for MFA once. (You may get a few extra prompts within the first 24 hours).
- Changing your password.
- Not selecting "Yes" on "Keep me signed-in" pop-up.
- Switching to a new browser.
- Switching to a new device.
- Clearing your browser cookies or history.
- Signing out of a Microsoft Application.
- Using Incognito/private browser window.
- The IP address of your device changes (e.g., you usually work in NJ but log in from Miami).
- If Microsoft sees suspicious logins/sign-in activity with your account.
Will I need to sign in to my laptop using MFA?
You will not need to use MFA to sign in to your laptop. You may see a toast (popup) notification on your Windows PC saying that you need to either fix your account or enroll in MFA. If you see this after enrollment, simply click the notification and log in again (this is rare but may occur).
For more on Multi-Factor Authentication (MFA) see:
- Multi-Factor Authentication Intro & FAQ
- Multi-Factor Authentication Enrollment
- Multi-Factor Authentication (MFA) Enrollment using Microsoft Authenticator App
- iPhone Mail Client Multi-Factor Authentication Setup
- Android Mail Client Multi-Factor Authentication Setup
- iPhone Outlook Multi-Factor Authentication Setup
- Android Outlook Multi-Factor Authentication Setup
- Changing your Multi-Factor Authentication Method or Phone Number