Now that our work documents are in the Office 365 cloud, its super easy to share and collaborate in real time. We can all agree that change two years ago has big benefits to the workflow of the library! However, cloud storage is only secure with proper measures in place and frankly we aren’t there yet.
To get there, the library will enable Multi-Factor Authentication for all staff in the coming four weeks. In today’s online environment, it is truly the best and easiest method any organization (and end user) can implement to protect against compromised accounts.
What is Multi-Factor Authentication (MFA)
MFA isΒ a process in which users are prompted during the sign-in process for an additional form of identification, such as a code on their cellphone or a fingerprint scan.
For the Library’s Office 365 accounts, this means you will use your windows credentials and then a second method of your choosing to gain access to your account. There are three options for this second method of verification – phone, text, or app.
Onboarding Process
MFA Enrollment
- Digital Services will enroll staff in stages – by department.
- Upon enrollment, you will receive an email with instructions. The email will explain the registration process. Next, you will be prompted to setup your Authentication Method when you sign into Office.com. The setup is designed for you to select your preferred method for the second layer of authentication.
Office 365 prompt to setup MFA
Turning on MFA
- Digital Services will once again turn on MFA in stages – by department.
- Once MFA is turned on, you will start using multi-factor authentication!
MFA will be excluded for logins in the building. This means you will only be prompted for MFA when you are offsite. A few examples include working from home, connecting through a bookmobile MiFi, or checking email from home.
Sherry Best on said:
Will this be every time we log in, or just when we’re using Office offsite? (By the way, I would love to have a fingerprint scanner.)
Shannon Eddings on said:
The current MFA rules use a 90 day expiration (like our passwords) and when you login to a new device. They do not require daily verification, although they can be configured for a more frequent expiration.
I dont think fingerprint scanning is an option for us, but we’ll take it under advisement!π
Debbie Stanton on said:
For the phone option, can staff use their library phone number or would you recommend against doing that? I ask because that would be very convenient for staff at their desks (where we tend to not get cell coverage, so they wouldn’t be able to get a text message) but wouldn’t work if they’re logging in to a service point computer and can’t answer their work phone.
Kimberly Sain on said:
It sounds like we’re going to use our personal cellphones for MFA if we want to log in at a service desk?
Debbie Stanton on said:
@Kim, thinking it through, if you only have to do this every 90 days, you’ll just be signing in and doing it at your cubicle computer in the morning and then you’re good for the next 3 months.
Shannon Eddings on said:
Yes, library phone numbers are okay! Really, its whatever option is most convenient to the individual.
cheryl-burk on said:
What if we don’t have a cell phone? Is there a work around for that?
Debbie Stanton on said:
@Cheryl, Shannon answered above that staff can use their library phone number to authenticate.
@Shannon, how does that work for staff with softphones, if they can’t get logged in to Windows before authenticating, but they answer their phone through Mitel?
Shannon Eddings on said:
@Debbie, this change only affects logging into Office products, not Windows!
The library has tethered everyone’s office login to their windows login (similar to how Polaris works), but the process for logging into a computer remains unchanged. So, accessing soft phone should not be an issue.
Debbie Stanton on said:
Awesome, thanks! π
Lynn Shirley on said:
In Circulation we don’t have phones dedicated to each of us. We just have the workroom phones since we don’t have our own cubicle. I can use my cell, but not everyone has that option. Is there a work around for this?
Shannon Eddings on said:
@Lynn & @Cheryl &@Kim,
We don’t have a firm plan yet, but we are working on a solution for the scenarios you all described.
Deborah Ellerbrook on said:
Yesterday when I was at home I wanted to check my work e-mail, and I was prompted to do the multi-factor authentication, but I could not as it was set to go to my work phone. I thought when I came in this morning that I would just be able to take care of it while I was at work, but i was not prompted to authenticate here. I checked this post, and discovered that it will only ask for the authentication when you are OFF-SITE. So using my work phone number will not work apparently. Now I need to figure out how to reset it to my personal phone number so I can authenticate off site.
Shannon Eddings on said:
Hi Deb,
There are two ways to change your MFA settings if you discover the initial setup doesn’t work as well as you thought it would.
1. revisit the setup link sent out. this connects to your profile settings in office.com – https://aka.ms/mfasetup
2. stop by DS and talk to an Admin. we can mediate any changes you want to make.
Deborah Ellerbrook on said:
Thanks Shannon!