Multi-Factor Authentication (MFA) with Office365

 
MFA Banner

Multi-Factor Authentication (MFA), also known as 2-Step Authentication, is a required Microsoft feature that protects your account by requiring additional steps when signing in to your Central Office 365/email account. The first time you attempt to log into your Central Office 365/email account, you will be prompted to set this up. MFA requires something you know (your password) and something you have (a mobile device or phone) to sign in to your account. The first step is to sign in to Office 365/email with your Central email address and BlueNet password. You will then be prompted with a code or prompt on your mobile device or phone.

MFA Options

There are several options for the authentication prompt to access your account. It is strongly recommended that you set up more than one MFA verification method, and use the Microsoft Authenticator app as your primary verification method.

authenticator app icon
Microsoft Authenticator App*

*recommended method
The Microsoft Authenticator app uses number matching, which is the safest way to authenticate to your account. When entering your Central Office 365 email address/password to access your account, a number will be displayed. Open the Authenticator app and enter this number to confirm that you are the person accessing your account. If you get prompted for a number when you are not attempting to access your account, select "No, it's not me." to indicate that there was an unauthorized attempt to access your account. We highly recommend using the Microsoft Authenticator app as your primary authentication method, as it is the safest method and does not rely on cellular service. Click here for instructions on setting up the Authenticator App.
text message icon
Text MessageThe text message option sends you a numeric code via the texting app on your mobile device. When entering your Central Office 365 email address/password to access your account, you will be prompted for the numeric code. Open the text message from your mobile device and enter this number to confirm that you are the person accessing your account. If you receive a code via text message when you are not attempting to access your account, you should delete it. Do not provide this code to anyone, as any calls or text messages asking for it are malicious attempts for unauthorized access your account.
phone call icon
Phone CallThe phone call option will call you at the phone number you designate (this may be a cell phone or a landline phone). When entering your Central Office 365 email address/password to access your account, a call will ring to your phone number directing you to press a button on the keypad to continue. If you receive a phone call when you are not attempting to access your account, you should hang up immediately. Do not approve an unexpected phone call as this is a malicious attempt for unauthorized to access your account.

Updating Multi-Factor Authentication (MFA)

To update your MFA information, go to www.ccsu.edu/2step, log in with your Office 365 (Central email) account and follow the on-screen instructions. If you lost or changed your mobile device or phone number, you must first reset your MFA using the Accounts Management System at https://accounts.ccsu.edu then follow the on-screen instructions to set up MFA with your new information.

MFA Quick Facts

  • When connected to the Central wired network, you will not be prompted to use MFA for your Office 365 e-mail but you will be required for access to systems containing personal information such as WebCentral-Banner Web.
  • When connected to ANY wireless network, you will be prompted to MFA using your 2nd factor (Microsoft Authenticator app, text message or phone call) to log in.
  • On mobile devices that you use regularly, you will be prompted to MFA just once every 14 days.
  • If you forgot, lost or changed your mobile device, you may reset your MFA using the Accounts Management System at https://accounts.ccsu.edu.
  • Emeritus employees are not required to use MFA at this time. However, if an Emeritus account gets compromised then MFA will be enforced at that time. If an Emeritus employee is hired as an adjunct, temporary rehired retiree, or in some other active employee capacity then MFA is required. 

MFA Resources

Intro to Two-Step/MFA Video

Detailed MFA Set Up Instructions