Frequently asked questions (FAQ) regarding Microsoft MFA


Introduction

No one at Texas Tech University or from anywhere else should ask for your password.

Explanation

What is multifactor authentication (MFA)?

Multifactor authentication (MFA) is an additional layer of security added to the authentication process. The purpose of MFA is to ensure you are the only person who can access your account, even if someone knows your password. At TTU, MFA is required to access certain high-security resources.

What is Microsoft MFA?

To better protect against increasing threats to critical systems and data in higher education, the TTU IT Division has begun implementing Microsoft MFA for select applications and services. The TTU IT Division has been using Microsoft MFA internally and found it an easy and effective tool for protecting information resources.

How MFA changes the sign-in experience

  1. When signing in to an application that is protected by MFA, you will still enter your eRaider username and password into the existing, approved web pages. Once you have signed in, Microsoft MFA will require you to complete a method of second-factor authentication, typically by approving the sign-in through an app on your phone.
  2. MFA does not replace or require you to change your eRaider username and password. eRaider password changes will continue to be managed by the eRaider Account Management System. Think of MFA as a layer of security added to your existing eRaider account.
  3. Over time, most applications and web services at TTU will use Microsoft MFA for enhanced security. Microsoft MFA will eventually replace the legacy text/phone call code verifications that we currently use for MFA.

How do I get started with Microsoft MFA?

Visit https://aka.ms/mfasetup to complete the setup. This link will take you directly to Microsoft services for your TTU eRaider account.

For detailed instructions, please visit askIT.ttu.edu/MFAsetup.

Are there other options for MFA aside from the Microsoft Authenticator app?

When using Microsoft MFA, the Microsoft Authenticator app gives you the best experience and is one of the more secure options. It even works with or without network access.

The most secure alternative option is a security key. Less secure options include voice phone calls and SMS text messages.

For assistance setting up alternative options, please view the setup instructions for MFA, in the "Alternative options" section.

What if I don't have a mobile phone

Please view How to: Use Microsoft multifactor authentication without a mobile phone.

Can TTU access my phone if I use the Microsoft Authenticator app?

No. Using the Microsoft Authenticator app does not give TTU access to any data on your phone.

Microsoft collects certain data to facilitate the app's functions. For the latest and most accurate information regarding the data collected by the Microsoft Authenticator app, please visit Microsoft's support website at https://support.microsoft.com/en-us/account-billing/common-questions-about-the-microsoft-authenticator-app-12d283d1-bcef-4875-9ae5-ac360e2945dd#ID0ED0JB0BH.

Can I use a hardware security key instead of an authenticator app or SMS text messaging?

Yes. Please follow the setup instructions for MFA, in the "Alternative options" section, for details on adding a security key to your account.

Microsoft Authenticator isn't prompting me for a code like it normally does. What should I do?

It may be that your mobile device does not have an active network connection through Wi-Fi or the cellular network. Ensure that you're connected to the Internet. Then, try refreshing the app to force it to check for notifications.

If it still doesn't work or you cannot connect to the Internet momentarily, the Microsoft Authenticator app can generate a six-digit code to use temporarily. No network connection is required for this to function. Please see how to use Microsoft MFA, Step 4, Section D for information on how this works.

I just received an attempt to authenticate with my account through MFA, but it wasn't me. What do I need to do?

Check all of your apps that authenticate with your eRaider account carefully on each of your devices. One of the apps could be trying to authenticate, and that may be the source of the prompt.

Please go to https://mysignins.microsoft.com and view all sign-in attempts there. If it wasn't you, and you see the attempt listed, see if it was a successful attempt or not. If it wasn't successful, no further action is needed on your part. If the attempt was successful or you have further questions, please submit a multifactor authentication assistance request.

The phone number showing up for texting or calling me with a code is an old or incorrect number. How do I update it to my current phone number?

First, follow the setup instructions for MFA, in the "Alternative options" section, to add your new number. Then, remove the outdated number from the list.

What if I get a new cell phone, lose my phone, it gets damaged, or I'm otherwise unable to use the Microsoft Authenticator app?

Do not delete the Microsoft Authenticator app from your phone or replace your phone without having an alternate MFA method in place. We recommend adding multiple MFA methods to your account ahead of time. That way, you have other options for MFA if your phone is not available.

You can also back up your Microsoft Authenticator app credentials to prevent losing access in the event that something unexpected happens to your phone, such as loss, damage, or theft. We highly recommend that you follow the steps now to avoid loss of access to TTU services.

I lost my device (that is, phone, security key, etc.) that I use for MFA. Can someone else use it to access my account?

Some devices do allow passwordless sign-in, while others only serve as a second factor of authentication in addition to your password. The safest thing to do is remove the device from your allowed MFA methods to prevent unwanted access.

What if I'm going out of the country or will be in an area without cellular service?

Cellular service is not necessary in order to use MFA. Multiple options are available when you either don't have a mobile device or your mobile device has no Internet access.

Which services require MFA?

  • TTUnet VPN
  • Microsoft 365
    • TechMail/Outlook
    • Microsoft Teams
    • microsoft365.com
    • Microsoft 365 apps
    • SharePoint
    • OneDrive for Business
    • etc.

Can I opt out of MFA?

MFA is an additional layer of security added to the authentication process. The purpose of MFA is to ensure you are the only person who can access your account, even if someone knows your password. At TTU, MFA is required to access certain high-security resources.

Can I use Microsoft MFA with Apple Watch?

According to Microsoft, you cannot install or use Microsoft Authenticator on Apple Watch. Microsoft recommends that you sign in with Authenticator on another device.

What is next?

Beginning February 20, 2024, MFA is required to connect to Microsoft 365 services, such as Teams or Outlook. We are adding new users each week, with email notifications sent beforehand.

You can set up Microsoft MFA now so that you are prepared when you need to access services that require it.

You may find additional information about Texas Tech University's Microsoft MFA implementation on the TTU IT Division website at https://www.depts.ttu.edu/infotech/apps/projects/mfa.