As ECF Data celebrates Cybersecurity Awareness Month, we continue with our series of blogs in line with its purpose of raising awareness about digital security and the basics of best cyber practices. Since cybersecurity is everyone’s responsibility, we, at ECF Data, are in it to promote and be a part of creating a safer digital space for everyone.  

In line with the Cybersecurity Awareness Month’s campaign to be #CyberSmart, we are putting the spotlight on Multifactor Authentication (MFA), one of the simplest methods you can do to stay safe online.

Microsoft 365 Multifactor Authentication: The WHAT 

Multifactor authentication is a multi-step account login method wherein users are required to plug in more information other than the typical password. Confirming users’ input more than their password supplies an additional layer of security because it decreases the risk of unauthorized access to data.    

Since June 2013, Microsoft has already employed multifactor authentication on Microsoft 365 administrative roles, but now, they’ve taken that a notch higher that all users can now access MFA. The feature has also been stretched wherein users can utilize App passwords to provide users with optional controls to customize their security preferences.   

Microsoft 365 Multifactor Authentication: The WHY 

Dealing with more than 300 million suspicious sign-in attempts on its cloud services daily only shows that cyberattacks are still ongoing at an alarming rate. Moreover, passwords, regardless of employing a complex and long one, are not a fool-proof solution for blocking your accounts from being compromised. A Microsoft study states multifactor authentication could prevent 99.9% of compromise incidents. 

Microsoft 365 Multifactor Authentication: The HOW 

Setting up your M365 MFA isn’t as complicated as you might think. Below, we lay the step-by step process: 

1. Sign in to your M365 using your work or school account and password. After clicking the sign-in button, a prompt like the image below will appear.  
2. Press Next 
3. You will have two options. First is the default authentication method using the free app called Microsoft Authenticator. Download the app using the links provided (Android, iOS, or Windows Phone). Once installed on your mobile, click Next and follow the instructions to add it to your account.  

The second option is to have SMS messages sent to your phone. Choose “I want to set up a different method to do this.” You will be asked to provide your mobile number. Input the 6-digit number sent on your SMS to verify your device. 

INSIDER TIP: The Microsoft Authenticator app provides a faster and more secure sign-in than SMS.  

4. When done with all the steps, you will be prompted to supply the additional Verification information, like putting the verification code sent via text message or the authenticator app.  

 Note: The additional verification method is usually only asked the first time you sign in (maybe when you change your password or use a new device or app). But, generally, you won’t need to do this daily, except for whether your organization requires it.   

Microsoft 365 Multifactor Authentication: FAQs 

1. What would happen if my device was stolen or lost?

Despite losing your device, you are still left with two options to access your account:  

• Sign in using an alternative method 
• Seek for your company’s help desk to clear your settings 

We encourage you to take the latter option, as your help desk can guide you on the appropriate updates to your account. Once your settings are cleared, you’ll be notified to register a two-factor verification the next time of sign in.

2. I need to log in but I don’t have my mobile device with me at the moment. 

There’s no need to panic because this usually happens. If you’ve previously added a substitute method of sign-in, you can go ahead and use that. But if there’s none, you can contact your company’s help desk for assistance or do these steps: 

• Sign in to your Microsoft account but choose “Sign in another way” on the 2-Factor verification.  
• If the sign in another way doesn’t show up, it only means that you have not set up the other verification methods. Contact your administration for guidance in signing into your account.  
• Select another verification method and proceed with the 2-step verification process.  

3. Can I add a new phone number on my verification information? 

If you’re using a new number, you have to update the details of your security verification method. It ensures that the verification prompts will be led in the right direction. To do so, click this link Manage your two-factor verification method settings and follow the links in the Add or change your phone number. 

4. I’m now using a new mobile device. How do I add it?

There are a several ways of doing it, and you can choose what you find the easiest.   

• Follow up on the process detailed on the “Set up my account” to set up your new device to work. You can update your device information and account on the Additional security verification page. Proceed with the update, delete your old device information, and add the new one. If you need extra help, you can refer to this link: Manage your two-factor verification method settings  
• Using the Microsoft Authenticator app, follow the steps on the Download and install the Microsoft Authenticator app.   

Turn on the two-factor verification for your devices. Please refer on this link for more information: Manage your two-factor verification method settings

5. I’m currently traveling, and I’m having difficulty signing on to my mobile device. Help!

Because verification options might not be able to work (i.e., text messaging) while traveling internationally, it might be challenging to use the mobile verification method. If in case this works, you might incur roaming charges. In this case, we encourage using the Microsoft Authenticator application and connecting to a Wi-Fi hotspot to access it.   

6. Why am I not receiving the verification code on my mobile device? 

The problem is usually rooted in your mobile device and settings when this happens. Listed below are some of the things that you can try out:  

• Use the Authenticator app or verification codes: If you’re getting prompts that you’ve hit your limit on text or call verifications during your sign-in, Microsoft limited authentication attempts by the same user done repeatedly in a short period. However, this doesn’t apply to the Authenticator app or verification code.  
• Restart your mobile device: The good old restart can sometimes do wonders for your device. Refreshing your device shuts the core components and ends all background processes and services.  
• Verify that your notifications are enabled: Check if the notifications modes on your phone calls, authentication app, and text messaging app are turned on. Make sure that you can visibly view the alerts on your device.  
• Ensure that the security information is correct: Since the verification method leads to your phone number, you will fail to receive the alert for your sign-in.  
• Turn off Do not disturb: When you turn on this feature, you won’t be able to receive notifications, including your sign-in alert.  
• Check if your device has a signal and Internet connection: When you don’t have a signal or internet connection, it also means that you cannot receive calls or text messages. If the problem lies with your signal, but you can connect on the Internet, using the Microsoft Authenticator app will be another option for signing in.  
• Look at your battery-related settings: You might not be aware that there is a battery optimization setting that stops less frequently used applications from remaining active in the background. Turn the settings off and try signing in again.  
• Unlock phone numbers: In the US, Microsoft voice calls from the following numbers  +1 (866) 539 4191, +1 (877) 668 6536, and +1 (855) 330 8653. 
• Disable third-party security applications: Certain phone security applications block SMS messages and calls from unknown callers. It may be the reason why you’re not receiving the verification code. You can try to disable any third-party security apps and request for another code to be sent on your mobile.  

Multi-factor authentication security is not the end-all-be-all for cybersecurity, but it is one of the easiest and simplest methods of infusing security into your business.  

ECF Data can help further strengthen your security posture through its Security Services. To learn more, kindly click the button below.