CofC provides current campus members with a licensed Microsoft 365 account. These accounts grant role-based access to many College applications and services, and will prompt for a Microsoft based sign on. These accounts use Multi-Factor Authentication (MFA). Learn more about Microsoft 365 accounts at the College

Multi-Factor Authentication (MFA) provides an additional layer of security for account sign-on by using a strong password AND an additional verification method.

Systems that do not require MFA allow you to log in by simply typing in a username and password. In modern practices, this is not considered secure because anyone who knows the password can gain access to the account. It's easy for a password to become compromised, so we need to require more than just a single password before allowing access. This is where MFA comes in. In addition to providing something you know (your username and password), you will also authenticate using something you have (a cell phone or hard token). The cell phone or hard token will provide you with a code to enter as the final step to get into your account. This way, even if your password becomes compromised, the thief will still not be able to access your account, because they don't have physical access to your phone or hard token to be able to provide the code.

In short, you must have a cell phone* connected to your account to be able to log in. This is done by installing the Microsoft Authenticator app on your cell phone, and connecting your account to the app - you'll be prompted to add this "additional security info" the first time you sign in. Then, any time you log into your account after that, you will need to provide your username, password, and use the Microsoft Authenticator app to get signed in.

It's important to keep your security methods up to date so that you don't lose access to your account. To help with this, you will be prompted to verify your security info every 180 days. 

The College's preferred and supported MFA verification method is the Microsoft Authenticator App. Please note, SMS (text) as a method for MFA will not be available after September 1, 2024.

FAQs:

1. *What if I don't have a cell phone?
   • A cell phone is preferred because it has the fastest set up and can be managed by the individual account holder. However, if you do not have a cell phone or the means to get one, a hard token can be used instead.
   • A hard token is an electronic device that randomly generates a security code. The code on the device frequently changes, so you must keep it with you to be able to access your account. Some hard tokens are designed to be added to your key ring for easy mobility.
   • You will not be able to set up the hard token on your own - this requires IT assistance. Please submit a ticket online, choosing "Account Access" for the Category, and "Multi-Factor Authentication" for the Subcategory to start the process. 
     
     
2. How do I install the Microsoft Authenticator App and connect it to my account?
   • See KB0010708: How to Set Up the Microsoft Authenticator App for your CofC Account
     
     
3. How do I use the Microsoft Authenticator App to get into my account once it is set up?
   • See KB0012396: Using the Microsoft Authenticator App to Authenticate
     
     
4. What if I got a new phone or lost my phone?
   • You may still be able to access your account. Whenever you log in, a session cookie is saved on your device, and if that session cookie has not expired, you will not be prompted to enter your credentials or use MFA to get in - you will automatically be logged in. If you are not familiar with session cookies or still don't completely understand MFA, don't worry. The technical details are not important here -  the bottom line is you may still be able to access your account, so try getting into your account from a device you recently used. If it remembers you and you can get in, you can update the security information in your account. See KB0010570 for instructions on how to do that. 
   • If you tried that and are not able to get into your account at all because you don't have access to the phone or hard token that was set up for your account, IT intervention is required. A person will be happy to assist you. Please contact the IT Service Desk by phone, walk-in, or chat for help on this matter (not email or online ticketing - this particular problem requires that they speak with you in real time). 
     
     
5. How do I add additional security methods?
   • You can connect multiple phones to your account. If you do this, be sure to pay attention to which one you specify as the default. 
   • You must be able to sign into your account to be able add additional methods. Use the instructions from this article: KB0010570: Add or Change MFA and SSPR Security Information for your CofC Account
   • If you cannot log into your account, contact the IT Service Desk by phone, walk-in, or chat for help.
     
     
6. How can I learn more on this topic?
   • If you are interested to learn more about MFA, such as how it works, visit Microsoft's support site or Microsoft's Learning Center.