Configuring and Using Office 365 Multifactor Authentication

Overview

In order to further secure your FalconNet account, Cedar Crest has begun enrolling accounts into FalconNet Multifactor Authentication for Office 365.  Multifactor authentication requires that you know your username, your password, and verify your login via another method.

Once your account has been enrolled, you still have to configure your account for access via a secondary method of authentication.  Once you are enrolled, and MFA is turned on for your account, you will be prompted for multifactor authentication in each application, on each device, every 90 days.

For a video walkthrough on configuring multifactor authentication, click here (requires login).

Multifactor Authentication Currently impacts the following systems:

• Office 365 including:
  Outlook (Email)
  Teams
  Stream
  OneDrive
  OneNote
  Tasks
  Planner
  Bookings (Configuration only)
  Sharepoint
  Forms
  ...and other related Office 365 resources.
• MyCedarCrest authentication
  
  Additional systems will be added periodically.

Directions to Configure Your Account

Once your account is enrolled, you will be unable to sign in to any related accounts until you complete the configuration.  To do this, follow these steps:

1. ​Open a web browser and go to https://aka.ms/mfasetup (works on phones, too!)
2. Next, sign in with your FalconNet email address and password.  It may ask to verify your sign in via a text message to your phone, please complete this step if it asks.
3. You then are shown a screen similar to the one below.  Here is what the parts of this screen do:
   - App Passwords: sets up static, secure passwords for specific applications that do not support MFA.  An example of this is the built-in Apple Mail app on iPhones.  If you need to set up an App Password, click here for instructions.
   - What is your preferred option: This is where you select how you want to be notified to confirm a login attempt.  Your options are: text, phone call, authenticator app on your smartphone (iOS or Android).  This will be the way the system defaults to approving your login or sending the code.
   - How would you like to respond: Here you setup your secondary authentication mechanisms.  You can enter your cell phone for text messages, an office phone (voice call), a secondary voice call number, or authenticator app
   
   
    
4. What's your preferred options explained:
   - Notify me through the app: Will send a push notification to the Authenticator app on your smartphone
   - Call my authentication phone: Will voice call the phone number indicated in the authentication phone field
   - Text code to my authentication phone: Will send a text message to the phone number indicated in the authentication phone field
   - Call my office phone: Will call the phone number in the Office phone field
   - Use verification code from app or token: will generate a code or token within the Authenticator app that you can input for authentication.
   
    
5. Select the options you would like to use.  Please note you must select a primary and secondary option.  You can choose all of them if you wish, but you must select at least two.  Note: if you only choose one, we highly recommend text messaging via your cell phone.  This is similar to many other services that require multifactor authentication.  It is suggested that if you are not using the Authenticator app, that you also input a voice number that is not your cell phone as an emergency authentication mechanism.
6. The Authenticator App option is the fastest way to approve a login attempt.  This requires that you have an Apple iOS or Android device to work.  If you wish to set this up, click the check box and then click Set up Authenticator app.
7. Once you click on the Set up button, you will see this screen:
   
   
    
8. If you are on your mobile device, you can tap the type of mobile device you have and it will open the Authenticator app in your app store.  If you are not, you can navigate to your app store, download the Microsoft Authenticator app.  Once you have downloaded the app, follow the instructions on the screen to complete the setup.
9. Once you have completed the app setup, you will see your Cedar Crest account listed.

Using Multifactor Authentication Methods

Once your account is enrolled and set up, you will be able to sign in to your FalconNet account in Office 365 and related resources (see list above).  Authentication is only necessary when you are logging in via a web browser, using a new device, or have not signed in to the application in the last 90 days.  In other words, once you authenticate Outlook 2016 or 2019, it will remember that for up to 90 days.  But if you are signing in to Outlook in Chrome or Edge, it will ask each time.

• If you enrolled in the Authenticator app as your primary method of MFA, when you try to login to an Office-related resource, you will receive a notification on your smartphone.  When you see it, tap the notification, then tap Approve.  Within moments, you will be connected to the service you were trying to access. 
• If you are enrolled with a voice call back (office phone, alternate phone), within a 2-3 minutes, you will receive a call.  The computer voice will read you a 6 digit code that you will need to put in to complete authentication.
• If you are enrolled in the authentication phone text messaging, within 1-2 minutes you will receive a text message on your phone.  You will need to input that into the box that looks similar to below to complete authentication.
  
  
   
• If you do not have access to the primary method of authentication, you can click Sign in another way to choose a secondary option that you have previously configured in the steps above.