1. INTRODUCTION
Starting on July 12th 2021, IT Services will begin rolling out multi-factor authentication to the university. This change will add an additional layer of security to our Office 365 tenant, protecting applications such as email, Teams, OneDrive and Sharepoint. It will minimize impact to these systems even if user credentials become compromised. This deployment will happen in stages, starting with staff by department in order of priority. Later in the year, faculty and adjunct will be added to this policy, followed by student accounts.
2. PREREQUISITES
A. For MFA to work, you will need to install the DUO application on your mobile device. If you're familiar with DUO and used it for applications such as Anywhere or LastPass, and have the app, no further action is required. If you have NOT used DUO, you can download the application by accessing the following links for your specific device: iOS | Android
B. IT Services strongly recommends utilizing the Microsoft Outlook mobile app for email, as opposed to the built-in iOS/Android mail client. MFA can be problematic with outdated operating systems and email clients, so having the Outlook application alleviates these problems. You can download the client by clicking on your OS here: iOS | Android
Note: Outlook Mobile supports all email services including your personal accounts i.e. (Hotmail, Gmail, Yahoo etc.) can all be added to the app, so you don't have to use multiple clients to check your email.
IMPORTANT: If you are installing DUO for the first time or have replaced your device recently, you will need to register your device. For instructions please visit the section 'NEW DEVICE/FIRST TIME REGISTRATION' below.
3. WHAT TO EXPECT
Once MFA is enabled for your account, you will receive an initial DUO prompt for most, if not all of your Office 365 applications on your desktop/laptop and mobile device. Don't be concerned about multiple prompts, as it has to authenticate your account for Email, Teams and OneDrive. Once you approve these prompts, your device will be remembered for 30 days. The only time you will be prompted within that 30 days, is if you sign in from another device or location such as your home computer or public network.
4. FREQUENT QUESTIONS
Q: Why do I get the message "You are receiving this message because your IT department has blocked your email access. This could be due to temporary conditions, like your network location. Contact your IT department with any questions or concerns about this mail. This email was automatically generated by Microsoft Exchange."
A: This is most likely due to the built-in mail client not recognizing the MFA request. You can fix this by downloading the Outlook mobile app (See Prerequisites), or deleting the email account from your device and adding it again.
Note: This will not delete any emails from the server.
Q: I'm not receiving the DUO prompt.
A: Make sure you don't have a DUO prompt hiding behind other applications. Sometimes it will jump into the background and you won't see it. Also, you can open up the DUO application on your mobile device and see it there is an approval pending
Q: My device doesn't support the DUO application
A: With Duo you have the option to set phone calls as your default MFA option. Using this option negates the need for an installed application and will call a landline or legacy device for authorization.
Q: I have a new device. What do I need to do?
A: Go to the following link and follow instructions in step 5 below: DUO Enroll.
Note: You can also access the enrollment page by going to LetMeIn and selecting the Duo Enrollment on the 1-Click Apps.
5. NEW DEVICE/FIRST TIME REGISTRATION
1. Click 'Add a new device' on the Duo prompt screen:
2. Click 'Call Me' from the authentication method:
3. Answer the phone call and follow the prompts.
4. Select 'Mobile Phone' and 'Continue':
5. Select your country, enter your mobile number and click 'Continue':
6. If the message "You entered xxx-xxx-xxxx. This number already exists, replace it?" is shown, select the checkbox. Click 'Continue'.
7. Select your device type and then 'Continue':
8. Open your DUO app on your mobile device and follow the circled instructions. Click 'Continue':
9. Verify your phone number is correct. Select "Automatically send this device a Duo Push" from the drop down. Click 'Save':
10. Your device is now registered with DUO and you can receive pushes for MFA.