Microsoft/Azure MFA Setup
Table of Contents
- 1 What is Multi-Factor Authentication?
- 2 Initial Account Activation
- 3 Microsoft Authenticator App - Push Notifications (Recommended Method)
- 4 Generic Authenticator App - One-Time Passwords
- 5 SMS - One-Time Passwords
- 6 Mobile Phone - Phone Call
- 7 Office Phone - Phone Call
- 8 Physical Security Key (YubiKey)
- 9 Passkeys via Microsoft Authenticator
As part of Christopher Newport’s ongoing effort to further secure our information technology resources, Information Technology Services is implementing Multi-Factor Authentication (MFA).
What is Multi-Factor Authentication?
Multi-Factor Authentication (MFA) is quite simple, and organizations are focusing more than ever on creating a smooth user experience. In fact, you probably already use it in some form. For example, you’ve used MFA if you’ve:
swiped your bank card at the ATM and then entered your PIN (personal ID number).
logged into a website that sent a numeric code to your phone, which you then entered to gain access to your account.
MFA, sometimes referred to as two-factor authentication or 2FA, is a security enhancement that allows you to present two pieces of evidence – your credentials – when logging in to an account. Your credentials fall into any of these three categories: something you know (like a password or PIN), something you have (like a smart card), or something you are (like your fingerprint). Your credentials must come from two different categories to enhance security – so entering two different passwords would not be considered multi-factor.
– Source: "Back to basics: Multi-factor authentication (MFA)", http://NIST.gov
Initial Account Activation
Open a browser on your desktop or laptop computer and go to My Sign-Ins
Login with your CNU email address and password. You may be prompted to stay signed in. If you're using your personal or office computer, you can click Yes. If you're using a shared, lab, or public computer you should click No.
On your first login, you will be prompted to set up additional information. Click Next to continue.
You will be prompted to setup an additional security verification method (Multi-factor Authentication or MFA) for your account. You must set up two (or more) of the following methods for your account. Doing this will also allow you to update your password without assistance from IT Services. Click the links below to continue the instructions for your preferred method.
Push notifications through the Microsoft Authenticator app on your mobile device ← This is the most recommended method
One-Time Passwords (OTP) through any compatible app on your mobile device
One-Time Passwords through text messaging (SMS) on your mobile device
Microsoft Authenticator App - Push Notifications (Recommended Method)
After clicking Next on the more information required screen, you should see this prompt. Please click next here to continue.
Install the Microsoft Authenticator app on your device via App Store / Google Play. Links have been provided below:
Download for Android: Microsoft Authenticator - Apps on Google Play
Download for iOS: 
Microsoft Authenticator App - App Store
To add a new account on the mobile app, tap the plus button in the top right hand corner. After this, tap on Work / School Account, followed by tapping the option to "Scan a QR code".
You may be prompted to allow the Microsoft Authenticator app access to your mobile device's camera. You will need to accept/approve this request in order to take a picture of the QR code.
Use the app (NOT your phone’s regular QR code scanning process) to take a picture of the QR code that is on your computer screen.
Once the code has been scanned successfully, your account will appear on the home screen of the Microsoft Authenticator app.
Back on your desktop or laptop computer, click the Next button. A push notification will be sent to your mobile device for approval. Approve the sign-in when you receive the prompt.
Finally, you will be prompted to enter your phone number, in case you lose access to the mobile app. Enter in your mobile phone number, then click Next to finish.
Generic Authenticator App - One-Time Passwords
Select the first drop-down menu and change it from "Authentication Phone" to "Mobile App". Then, select "Use verification code" and click the "Set up" button.
In the first screen that pops up, click on the link that reads, "Configure app without notifications". This link will change the QR code. Scan the new QR code with your preferred Authenticator app and click the Next button.
Back on your desktop or laptop computer, click the Next button.
Enter the 6-digit code displayed in your app into the webpage on your computer and click the Verify button.
Finally, you will be prompted to enter your phone number, in case you lose access to the mobile app. Enter in your mobile phone number, then click Next to finish!
SMS - One-Time Passwords
Make sure that the first drop-down menu is set to "Authentication Phone", then select the "United States (+1)" as the Country code and enter your mobile phone number. Then, make sure the method is set to "Send me a code by text message" and click the Next button.
Check your mobile device for a text message from Microsoft with your one-time password. Enter the 6 digit code you receive into the webpage on your computer.
You will see messages that your verification settings is being saved. Once completed, click on the Done button to finish!
Mobile Phone - Phone Call
Make sure that the first drop-down menu is set to "Authentication phone", then select the "United States (+1)" as the Country code and enter your mobile phone number. Then, make sure the method is set to "Call me" and click the Next button.
Check your mobile device for an automated phone call from Microsoft. You will be prompted to press the pound (#) key to approve the login. You will not be prompted for or provided with any codes during this call. Once completed, click on the Done button to finish!
Office Phone - Phone Call
Make sure that the first drop-down menu is set to "Office phone", then select the "United States (+1)" as the Country code and enter your office phone number. Then click the Next button.
Check your office phone for an automated phone call from Microsoft. You will be prompted to press the pound (#) key to approve the login. You will not be prompted for or provided with any codes during this call. Once completed, click on the Done button to finish!
Physical Security Key (YubiKey)
Select the first drop-down menu and change it to "Security Key." Click Next.
You'll be asked what type of security key you'd like to set up. For setting up a key with a computer, choose USB.
You'll then see a box that tells you that you'll need to insert a security key. Click Next, but DO NOT insert your security key yet.
Your computer will then walk you through the process to associate your security key with your University account. If this is the first time you've used the security key, you'll have a more detailed setup process that's described in another article. DO NOT insert your security key until prompted.
When prompted, insert your security key into your computer.
If this is your first time using this security key, you'll be prompted to set a PIN. This PIN is stored on your key and will be used any time that you use it. You must remember this PIN; ITS cannot recover your PIN.
Otherwise, you'll be prompted to enter your PIN.
After you do, you'll be asked to give it a name. You'll then be able to use your YubiKey to sign in.
Passkeys via Microsoft Authenticator
You can also set up Microsoft Authenticator to use a passkey for automatic sign-ins. To do so, go to your security page at My Sign-Ins and select “Add Sign-in Method.” Make sure you have the device you have Microsoft Authenticator on within arm’s reach.