Skip to main content

Multi Factor Authentication - MFA - 2FA

Grace IT is rolling out and enforcing this MFA policy to all Staff in order to improve the security of our organization and help reduce potential headaches. If you are enrolled in MFA, you will need to have your phone as an additional method of authenticating yourself (on top of your password) to log in to your Work Office365 account. The easiest way to do this is by using the Microsoft Authenticator App on your phone; however, you can use a different method or authenticator if you prefer.

The benefits of being enrolled in MFA is that you do not have to worry about resetting your Work Office365 and Work laptop password regularly, and you will not get any more password reset notifications/emails. MFA also makes it increasingly difficult for anyone else to access your account since they need your password and your approval from your phone in order to sign in, making this a critical technology in cybersecurity.

Standard 2FA Method: Microsoft Authenticator

icon_microsoft-authenticator[1].png  (This is the Microsoft Authenticator App. For more app related information from Microsoft, click on the icon.)

The default (and most straightforward and quickest) method that Grace IT sets up everyone with is the push notification through the Microsoft Authenticator App. When a sign in attempt is made to your account, a push notification is sent to your phone asking to Approve or Deny the login attempt. This method can be changed to another one, if you desire, through your Microsoft Account page. Instructions for setting up MFA using this method are listed below:

A passcode lock on your phone is required by our organization in order to use the Microsoft Authenticator App and the Outlook app together. You will need to setup a 4 or 6 digit passcode on your phone in order to properly use the Authenticator app. Please set this up before proceeding through the below instructions.

Setting up the method manually yourself

1) Install the latest version of the Microsoft Authenticator app, based on your phone:
2) Configure 365 account in Authenticator App
  • Sign into your Office365 at https://myaccount.microsoft.com/
  • Select Security info in the left menu or by using the link in the Security info pane. If you have already registered or been registered by IT, you'll be prompted for two-factor verification. Then, select Add method in the Security info pane.
  • On the Add a method page, select Authenticator app from the drop-down list, and then click Add.
  • On the Start by getting the app page, click Next.

  • Remain on the Set up your account page while you set up the Microsoft Authenticator app on your mobile device.

  • Open the Microsoft Authenticator app on your phone, select to allow notifications (when prompted), select Add account from the Customize and control icon on the upper-right, and then select Work or school account.

  • Return to the Set up your account page on your computer, and then select Next. The Scan the QR code page appears.

  • Scan the provided code with the Microsoft Authenticator app QR code reader, which appeared on your mobile device after you added your work or school account.

    • The Authenticator app should successfully add your work or school account without requiring any additional information from you. However, if the QR code reader can't read the code, you can select the Can't scan the QR code link and then manually enter the code and URL into the Microsoft Authenticator app. For more information about manually adding a code, see Manually add an account to the app.

  • Select Next on the Scan the QR code page on your computer. Pay attention to your phone afterwards.

    • A notification is sent to the Microsoft Authenticator app on your mobile device, in order to test that MFA works with your account.

    • You will need to open or tap on this notification to approve your sign in attempt. 
  • Approve the notification request within the Microsoft Authenticator app, and then select Next.
  • Congratulations, you have successfully added MFA to your Work Office365 account!

  • If you are an iOS user, please read through the "Situational" section in this article.

Setting up the method when required by your organization

Follow this instruction list if you see a "More information is required by your device" prompt when you try to use an Office 365 application. This means that we pushed the MFA policy onto your Office 365 account, which forces you to setup MFA in order to continue using your 365 applications.

1) Install the latest version of the Microsoft Authenticator app, based on your phone:
2) Configure 365 account in Authenticator App
  • Proceed to the next page following "More information is required by your device".
  • On the Start by getting the app page, click Next.

  • Remain on the Set up your account page while you set up the Microsoft Authenticator app on your mobile device.

  • Open the Microsoft Authenticator app on your phone, select to allow notifications (when prompted), select Add account from the Customize and control icon on the upper-right, and then select Work or school account.

  • Return to the Set up your account page on your computer, and then select Next. The Scan the QR code page appears.

  • Scan the provided code with the Microsoft Authenticator app QR code reader, which appeared on your mobile device after you added your work or school account.

    • The Authenticator app should successfully add your work or school account without requiring any additional information from you. However, if the QR code reader can't read the code, you can select the Can't scan the QR code link and then manually enter the code and URL into the Microsoft Authenticator app. For more information about manually adding a code, see Manually add an account to the app.

  • Select Next on the Scan the QR code page on your computer. Pay attention to your phone afterwards.

    • A notification is sent to the Microsoft Authenticator app on your mobile device, in order to test that MFA works with your account.

    • You will need to open or tap on this notification to approve your sign in attempt. 
  • Approve the notification request within the Microsoft Authenticator app, and then select Next.
  • Congratulations, you have successfully added MFA to your Work Office365 account!

  • If you are an iOS user, please read through the "Situational" section in this article.

 

Situational: If you are an iOS user AND use the built in Mail or Calendar App for Work:

iu[2].jpgios-mail-icon-100669537-large[1].jpg

Unfortunately, as of right now Apple's built in Mail and Calendar apps (if you use them for work) will eventually stop working when you setup MFA! This is because they are unable to bring up the prompt for 2FA when you are already signed in (very specific technical reason on Apple's end). You will have to remove your Office 365 account and re-add it in order to keep using these apps for work.

If you follow these steps, however, you will be able to get these back up and running! (You also have the option of using the Outlook App, which does not have this reauthentication issue and supports both mail and calendar functionality.) 

  • Open your settings app.
  • Scroll down and find either "Mail" or "Calendar". Tap one of them. If you use both for work, you may want to take note of your preferences that you may have setup for each.
  • Tap "Accounts"
  • Find and Tap on your Work account. It will have the graceohio/gracechurches email address.
  • Take note of the work content that you are syncing (Mail, Contacts, Calendars, Reminders, and Notes).
    Then click on Delete Account.
  • When it finishes removing your account from your phone, you should be taken back to the accounts screen. Tap on "Add Account"
  • You will see a list of email services you can select. Be sure to choose Microsoft Exchange, as Office365 accounts will only work with this and not the Outlook.com option.

    image-1624807663886.png

  • In the new screen that pops up, enter your work email here. Also put in a name for this account that you will recognize (For example: Grace Church - Work).
    • Tap Next. This will probably trigger 2FA, so you will need to approve the sign in attempt if it does ask.
  • The screen that lets you choose to sync specific content appears. Refer back to your note for what content you sync and enable those respectively. Hit next
  • Your mail/calendar/content will start syncing. This may take a minute, or if you have tons of calendar appointments/events it could take a couple hours to finish. We recommend leaving your device charging if it is taking more than a few minutes. You should be all set.

  • UPDATE: You may see a prompt like this picture below on your phone when roughly 60 or 90 days pass. Apple forces you to reauthenticate after that period of time but prompts you to do it vaguely with this prompt. PLEASE keep this in mind if you really want to use the iOS Mail app, as when the period time passes by you will stop receiving mail and calendar updates again until you reauthenticate your account again. There is not much that IT can do to remedy this as this primarily Apple technology issue. The Outlook app does not have this issue, so IT again recommends you to use that as your Mail and Calendar App solution for work.

If you see this picture, your iOS Mail/Calendar app wants you to reauthenticate your work account. It tells you this vaguely, but you will need to address it to continue receiving email and calendar updates using the iOS mail and calendar apps.
image-1635955016036.jpg

    • You can tap Edit Settings to re-enter your password for your Office365 account. You can also re-enter your password by going to the Settings app, then to Mail or Calendar. Tap on accounts and and tap on your work account..


Change or Add 2FA method

You can access your Microsoft Account page here. The link takes you to the security section. Here you can remove and add methods (Phone text or call, Email, or another Authenticator App), as well as take a look at your default and current methods.

Back to top