Multi-Factor Authentication Setup

Logo, company nameDescription automatically generated

Multi-Factor Authentication (MFA)

General Information

Multi-Factor Authentication (MFA) is a security system that verifies a user’s identity by requiring multiple credentials. Rather than just asking for a username and password, MFA requires additional verification from the user, such as replying to a notification from an app on your mobile phone.

Remote Users telecommuting with VMware Horizon will be required to authenticate before gaining access.

Getting Started

This guide outlines setting up MFA with use of your mobile phone and computer web browser.

1. Install the Microsoft Authenticator App on your mobile phone through the Apple App Store or Google Play (configuring the app will take place later in the guide). Make sure it says it is published by Microsoft Corporation.

2. On your computer web browser, go to https://aka.ms/mfasetup

You will be prompted to login to Office 365. Enter your college/district email address. When prompted, enter your email password.

A screenshot of a cell phone Description automatically generated

3. The following screen should appear. Click Next

4. On the following screen, go to the Security Info tab, click Add sign-in method, then in the dropdown that pops up, select Authenticator App.

When you see a QR Code appear on your screen, leave it open for the time being (we will come back to it in step 9). The next steps will be performed on your mobile phone.

Steps 5 to 7 are done on your mobile phone, using the Microsoft Authenticator app. Do not scan the QR code with your regular camera app.

5. On your mobile phone, open the Microsoft Authenticator app. Choose to allow notifications from the app if it prompts you. If you are new to the app there will be some screens asking about data collection that you can skip past until you get to the screen that lets you add an account. If you have used the app before, you will have to click the plus (+) symbol in the upper-right to add a new account:

6. Select Work or school account, then select Scan QR Code

7. You will be prompted to scan the QR Code displayed on your computer screen (the screen left open in step 6). Point your mobile phone at the QR code on your computer to scan it.

8. After scanning the QR code, press Next on your computer to proceed. There is typically a short delay here (around 30-60 seconds), this is normal.

A screenshot of a computerDescription automatically generated

9. It will now send a notification to your phone to test the authentication method:

A screen shot of a security verificationDescription automatically generated

10. On your mobile phone you should receive a notification. Select Approve. (The notification may look slightly different depending on type of mobile phone, and may ask you to type in a number from the computer screen)

A screenshot of a phoneDescription automatically generated

11. Back on your computer, go next to “Default sign-in method” and click Change. In the dropdown that appears, pick App based authentication – notification.

A screenshot of a computerDescription automatically generated

12. In the upper-right, click on your profile icon and select Sign out. If you would like to test your MFA setup, go back to aka.ms/mfasetup and log in again.

You have now configured MFA with Microsoft Authenticator. This is more convenient and secure than standard text verification and will allow you to sign into various secure services that you may have access to such as Banner and the VMWare Horizon Client.

If you are unable to enable MFA using the steps above, please contact the District IS department for further assistance. Our help desk can be reached at 408-741-2696 or by email at is_help.desk@wvm.edu. If possible, we prefer that you put in a ticket at our service desk.

Tips

If you get a prompt on your phone when you are not trying to login, you want to Deny the request.

Denying a sign-in request can lock your account temporarily. Do not deny your own sign-in attempts to avoid being locked out.

Sign-in notifications ignored or not reached in time will expire and not lock your account.

Be sure to grant the app Notification permissions on your phone if it does not have them by default, otherwise you will have to manually open the app to see sign-in requests.

If the Approve prompt does not appear in the Authenticator app, try closing and reopening it.

Do not select text message or phone call as your authentication method. Microsoft is discontinuing their support for phone number-based services, so these options will not work in the long term.

Updated April 12^th, 2024