SEBTS began requiring MFA for all users on August 1, 2022.





Rationale

Using plain passwords, even secure ones, is often not enough to keep your account secure. There has been a significant rise in sophisticated phishing attempts that can dupe even the most security-conscious users. Even strong passwords can be accidentally given away to a bad actor (bad guys or computers on the internet) without the user's knowledge.


Definition

MFA is simply an additional step necessary to log in to a system. This process can include a one-time password or code sent via email, a text message, or a voice phone call. As a fourth method, SEBTS recommends using an "authenticator" mobile app to approve a login attempt.


How it works in your defense

Without MFA, a compromised username and password are all that a bad actor needs to access all account information. MFA places an extra step in the login flow to request additional confirmation that a login attempt is intended.


For example, if a compromised account is being accessed from another country or region without the user's knowledge, the user's mobile app would alert him or her for approval before the account can be accessed. Here's a fictitious example of the process:


  1. The user lives in Wake Forest, NC.
  2. At some point, the user had a really weak password or unknowingly gave it away to the bad actor.
  3. The bad actor attempts to sign in and successfully authenticates with the user's password from Genovia, Eurasia.
  4. The user's mobile app requests approval for the sign-in attempt.
  5. The user, watching TV on the couch in Wake Forest, opens his app and denies the login request. After all, he was not actively attempting to log in to his SEBTS account.
  6. The user, being responsible and gracious toward his security-minded IT department, changes his password immediately by following the steps here: https://sebts.freshdesk.com/en/support/solutions/articles/24000065303
  7. The user then sends in a ticket to itworkorders@sebts.edu to let IT know he received an unapproved sign-in request and that he has successfully changed his password. 




Setting up MFA with the Microsoft Authenticator App (recommended)

  1. Log in to https://aka.ms/MFASetup (ideally, after you have changed your password).
  2. This screen is presented after you have entered the correct password. Click Next.
  3. Choose Mobile App and Receive notifications for verification, then click Set up.
  4. Follow the instructions on the screen to download the Microsoft Authenticator app and set it up using your phone's camera.

Remember: From here, any time you are actively logging in to your Microsoft account (Outlook, Teams, OneDrive, CampusNet, etc.), you may need to approve the sign-in attempt with your phone.


Please only approve sign-in requests that you have actively initiated. 


Deny all others and take action as instructed above.




Setting up MFA with a mobile phone

Note: Standard telephone and SMS charges will apply. 

  1. Go to https://aka.ms/MFASetup and log in.
  2. This screen is presented after you have entered the correct password. Click Next.
  3. Choose Authentication phone.
  4. Select your country and enter your phone number.
  5. Choose Send me a code by text message if you would like to verify your account by entering a PIN texted to you,
    OR choose Call me to receive a call when you need to verify your account.
  6. Click the blue Next button.
  7. Microsoft will either text or call you, depending on your selection.
    For Text Message: Enter the code texted to you in the box and click the blue Verify button. The screen will then indicate that verification has been successful.
    For Phone Call: Answer the phone, and the voice will prompt you to hit the # key. Do so, and the screen will indicate that verification has been successful.
  8. Once your authentication method is verified, click the blue Done button.


Remember: From here, any time you are actively logging in to your Microsoft account (Outlook, Teams, OneDrive, CampusNet, etc.), you may need to approve the sign-in attempt with your phone.


Please only approve sign-in requests that you have actively initiated. 


Deny all others and take action as instructed above.



Setting up MFA with an office phone

Note: We suggest adding another authentication method besides an office phone if you will need to log in to your account away from your office phone.

  1. Go to https://aka.ms/MFASetup and log in.
  2. This screen is presented after you have entered the correct password. Click Next.
  3. Select Office phone from the dropdown.
  4. Select your country and enter your office phone number and extension, if applicable.
  5. Click the blue Next button.
  6. Microsoft will call your office phone. Answer the phone, and the voice will prompt you to hit the # key. Do so, and the screen will indicate that verification has been successful.
  7. Once your authentication method is verified, click the blue Done button.
  8. You will see the following screen. You are unlikely to need this information. Click the blue Done button.


Remember: From here, any time you are actively logging in to your Microsoft account (Outlook, Teams, OneDrive, CampusNet, etc.), you may need to approve the sign-in attempt with your office phone.


Please only approve sign-in requests that you have actively initiated. 


Deny all others and take action as instructed above.



Change, add, or delete MFA verification method

Note: SEBTS recommends having at least two verification methods set up in case one method is inaccessible.

  1. Go to https://aka.ms/MFASetup and log in.
  2. Choose your preferred verification method via the dropdown box.
  3. To add an authentication method, check the box next to the method and fill out the information.
  4. To change a phone verification method, change the country or number next to the check-marked phone option you want to change.
  5. To remove a verification method, uncheck the box next to the method
    AND/OR click Delete next to the Authenticator app you wish to delete.
  6. After making all desired changes, click the blue Save button.
