Two-factor authentication for Office 365 -- A2F/MFA

  • Overview

  • Activation and configuration

  • How does multifactor authentication work?

  • How to configure your Office 365 account

  • Frequently asked questions

  • Related articles

Overview

As recommended by the Treasury Board Secretariat, the Information Technology (IT) Department has enabled a layer of protection to the sign-in process called Multifactor authentication (MFA).

This additionnal layer reduces the risk of a security breach drastically, and sensitive data stays protected.

Activation and configuration

If you use Microsoft Outlook, you will need at least the 2016 version of this software for 2nd-factor authentication to work. See detailed requirements.

1 - Recommended authentication method

The "Microsoft Authenticator" application is the most powerful authentication method, offering great security benefits and fast, reliable login access.

  • Download the "Microsoft Authenticator" application from your Android/IOS mobile store, then add your account by scanning the QR code that will appear when you log in to your HEC account: Microsoft Authenticator application

2 - Activate your 2nd factor

3 - Not working?

If using Microsoft Authenticator on an Android/IOS mobile device is not possible for you, please make a request on our service portal (employees, retirees, active students) or contact us by email at soutien.ti@hec.ca and we will evaluate the possibility of using an alternative authentication method.

How does multifactor authentication work?

When you’re connecting to your school account, you will enter your username and password. If that's all you need then anybody who knows your username and password can sign in as you from anywhere in the world! 

But if you have multifactor authentication enabled, things get more interesting. The first time you sign in on a device or app you enter your username and password as usual, then you get prompted to enter your second factor to verify your identity.  

Perhaps you're using the free Microsoft Authenticator app as your second factor.
A code will be displayed on your screen, the authenticator app will notify you that you need to identify yourself, so you’ll need to enter the code on your phone.

How to configure your Office 365 account

Even if you have configured a 2nd authentication factor, no further changes will be required before the activation date indicated in the e-mail you received.

  • Once you have received confirmation that MFA has been activated for your account, you will need to reconnect most of your devices and applications to confirm your multifactor identity.

Some examples of devices and software to check once multi-factor authentication has been activated :

  •  Email software (Outlook)

  • Microsoft OneDrive for Business

  • Microsoft Office Suite (Word, Excel, PowerPoint)

  • Email applications on your mobile devices (iOS, Android)

 If your application or device is no longer receiving your e-mails, force a list refresh (Send / Receive). You will then be prompted to log in again and confirm with multi-factor authentication.

If you still can't see your most recent e-mails and you're not prompted to use the multi-factor connection, you'll need to visit your device or application settings to force a new connection to your account.

Prerequisites for Two-factor authentication

Here are a few basic conditions you must respect to avoid problems when activating multi-factor authentication on your HEC Montréal Microsoft Office 365 account.

If you access your Microsoft Office data (Outlook, OneDrive, SharePoint, etc.)

 Have on your workstation a recent version of the Microsoft Office suite: ideally the Microsoft Office 365 suite or the 2019 version

Previous versions (2013, 2010, 2007, etc.) are known to have connection problems once multi-factor authentication has been activated.

 Make sure that your web browser is updated:

  • Firefox

  • Google

  • Chrome

  • Microsoft Edge

  • Safari

Modify your Two-factor authenticator

You might want to change the way you identify yourself for several reasons but first you need to make sure not to lose access to your account (do not remove any method before adding and verifying the new one).

At any time, users can change the configuration of the 2nd authentication factor themselves via the Microsoft console: https://aka.ms/mfasetup

 You may refer to the below artical for additional details:
Change your two-step verification method and settings - Microsoft Support

If you no longer have access to the previous tool, you will need to contact the IT Service Center to reset your account. Please have your HEC Montréal credentials on hand to facilitate the process.

Apply via our service portal (employees, retirees, active students) or contact us by e-mail at soutien.ti@hec.ca.

Frequently asked questions

 

Question

Answer

Since the change, I no longer receive new emails, calendar events or contacts on my mobile device or computer.

OR

 

The e-mail application I use tells me that my settings no longer work or that e-mail synchronization is impossible.

When you first set up your device, it may have used an old authentication method that has now been rejected or is incompatible with two-factor authentication.

The ideal approach is to delete and then create your account again on the device See the Office 365/Outlook account on iOS capsule for a detailed procedure

You can also consult the prerequisites section to make sure your applications work properly with this new measure.

I've changed the phone number, computer or mobile device used for the 2nd authentication check

Whenever possible, make the 2nd factor configuration change BEFORE losing access to the previous tool by going to Microsoft's 2nd factor authentication configuration console: https://aka.ms/mfasetup

If you no longer have access to the previous 2nd authentication tool, you will need to contact the IT Service Center to reset your account. Please have your HEC Montréal credentials on hand to facilitate the process.

Apply via our service portal (employees, retirees, active students) or contact us by e-mail at soutien.ti@hec.ca.

The requirement to provide a 2nd authentication factor has been enabled on my account but I haven't done the initial setup and I no longer have access to my Office 365 account.

Go to https://aka.ms/mfasetup and follow the instructions above to set up two-factor authentication correctly.

I've forgotten or lost my two-factor authentication device (my phone).

How can I connect?

Multi-factor authentication cannot be bypassed for HEC Montréal accounts.

If you have another phone or tool at hand to perform the 2nd authentication, you can contact the IT Service Center to have the security reset.

 

 

of your account is done and you can set up a new two-factor verification method.

To avoid this situation, we recommend that you set up 2 different 2nd factor authentication methods when you first configure your account.

 

More information from Microsoft on this subject:

Common problems with 2-factor account authentication - Azure AD | Microsoft Docs

Does two-factor authentication apply to every connection to my Office 365 account?

Do I always have to carry my 2nd device with me?

You will be asked to verify your 2nd authentication factor every time you connect to your account, whether from a new device or a new application.

However, you can tell the system that you trust the device, and your access will be retained for up to 90 days.

Do not check this box on a device that is not yours

 

In 90 days, you will again be asked to provide your password and a 2nd authentication factor to access your account.

2nd factor security has been activated on my account for some time and I've already done the verification on my devices.

For the past few days, however, I have had to provide a 2nd authentication code on my devices.

First of all, the verification must be carried out again every 90 days if you have ticked 'trust the device'.

In addition, certain other conditions may trigger a new verification request

Changing your web browser Cleaning caches and/or cookies Changing your Internet connection

Updating e-mail software or the device used

And possibly many other conditions that Microsoft is not disclosing.

Does the Microsoft Authenticator application access personal data on my phone?

The Authenticator application collects two types of information:

The account information (e-mails and passwords) you provide when you add your account.

This data is stored on your device and can be deleted by deleting your account.

Diagnostic log data.

This data remains only in the application until you select Send feedback from the application's top menu to send logs to Microsoft. These logs may contain data such as e-mail addresses, server addresses or IP addresses.

 

 

For more information from Microsoft on this subject: Frequently asked questions about the Microsoft Authenticator application - Microsoft Support

 

Related articles

Two-factor authentication for Office 365 -- A2F/MFA security

SharePoint and Teams - Synchronize your files or add a network drive

SharePoint 2016 and Online - Using and troubleshooting

Secure file sharing via OneDrive, Teams or SharePoint