Versions Compared

Version Old Version 99 New Version Current
Changes made by

Douglas 2brown

Douglas 2brown

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Introduction

...

Royal Roads University has adopted Microsoft 365 MFA for Webmail, Remote Desktop (for staff only) and Office 365 (Currently only for people outside Canada, but soon coming to all accounts August 2024). You only have to set this up once and it will work for all the applications listed.

Note

Getting a new phone for the holidays?

If you plan to replace your mobile device, it is STRONGLY recommended that you follow the MFA instructions on the new phone before you wipe or otherwise dispose of your old phone. You will need your old phone to authenticate your new phone.

If you've lost or had your mobile device stolen, you can sign in using the secondary authentication method you selected when you registered your device for MFA.

If this option has not been configured, you can contact the RRU Help Desk to clear your settings. After your settings are cleared, you'll be able to complete the procedure again.

Info

MFA requires the Microsoft Authenticator app to be installed on a mobile device or to have an RRU FOB. It is STRONGLY recommended that you follow these instructions on a Computer with your mobile phone or FOB in hand. This will help make the procedure go a lot smoother.

If you do not have a mobile device that you can use for this purpose, please contact the RRU Help Desk.

You MUST be in Canada when setting up MFA. If you are not in Canada, please contact the RRU Help Desk before you try to setup MFA. (If Computer Services has directed you to this site, and they are aware you are outside of Canada, you may proceed). Alternatively, if you have a VPN running, this must be connected to a Canadian server before you begin the procedure below.

Table of Contents

Who needs to set up MFA?

...

Not all resources are protected yet, but this changes frequently. We highly recommend that you set up MFA so that you don’t experience an interruption in service.

...

You will need to know

...

...

your UPN

Tip

Do NOT use your RRU email address to log in. Use your UPN to log in. The UPN is often referred to as the Microsoft username, Office 365 username, RRU longform username, and perhaps others. Regardless of how people refer to it, it’s your Moodle username with ‘@royalroads.ca’ added, like b12smith@royalroads.ca)

...

You will use your usual RRU password (the one you use for Moodle) Not sure what it is because your browser/computer remembers your password?

If you already have the

...

an authenticator app installed on your phone, make sure

...

it is the Microsoft Authenticator. There are no ads and no fees to use this app. If you are using the wrong app, this process will not work.

How to set up MFA preferences

...

Expand
titleClick here to expand this section for instructions for how to log into your Microsoft profile
just proceed

    • skip to

the next

    • step 2.

  • Otherwise, the prompt will asks for an email address but don’t enter that.
    Instead, enter your UPN (NOT your email address) and click Next

image-20240119-233643.png

  • Enter your password and click the Sign in button (same password as Moodle)

image-20240119-233714.png
Info

At this step, if you are prompted for additional authentication beyond your password, you will need to contact Computer Services. It could mean that your account was already partially setup so we might need to reset your account authentication to be able to proceed.

Step 2 for everyone: view your Security info

Expand
titleClick here to expand this section for instructions on how to view and update your Security information

  • Once you have signed in, on your computer, you’ll see a screen similar to this. Click the UPDATE INFO link on the Security info card.

image-20240122-160438.pngImage Removed

image-20240801-201549.pngImage Added
Info

If the account showing is not your RRU account, open a Private (Firefox), Inprivate (Edge) or Incognito (Chrome) window and log into http://myprofile.microsoft.com/ again with your RRU credentials (i.e. b12smith@royalroads.ca) and password. (You can open these windows from the browser menu button).

  • If this is your first time here, your default security method is “Password”, as shown below:

image-20240122-160555.png

  • If you’ve set up MFA previously, you may have a different default and you may have additional sign in methods showing here next to ‘Password’.

Step 3

...

: set up a method/preferences

Note:

Do not choose a ‘phone’ option. These be phased out by Microsoft. They will be removed from this options list as soon as we are able to do so without breaking existing setups.

  • On your computer you’ll be prompted to get the Microsoft Authenticator app. If you installed the app already, click Next.

image-20240122-161436.png
Expand
titleThis is it! Click here to expand this section for instructions on how to set up your 2nd factor authentication method (includes installing the MS Authenticator app).
Info

We recommend that everyone uses the MS Authenticator app for your 2nd factor.

But employees who come to campus can opt to use a ‘Security key’. If this is you and if you received your security key in internal mail, follow the instructions for how to set up a security key as your 2nd factor, then move on to Step 4 below. Otherwise, go back to the 'What you need to know/do…” section above to request a key.

Only employees who come to campus can choose ‘Security key’. Everyone else must choose the MS Authenticator app and continue with this Step 3.

Alternate Procedure - If you have a RRU FOB, then please follow Step 3 - Setup a method/preferences - FOB Setup instead.

To set up the MS Authenticator app as your 2nd method, on your computer:

Watch this 3 minute video and/or follow the instructions below it:

set up the MS Auth app as 2nd factor.mp4

  • click + Add sign-in method

  • click the down arrow to the right of ‘Choose a method’

  • click on Authenticator app

  • Finally, click Add.

image-20240122-160825.png
Info
Panel
panelIconIdatlassian-info
panelIcon:info:
bgColor#E3FCEF

Did not install app yet?

If you do not have the app, please point your mobile phone camera to the appropriate QR code below.

The app is FREE. Make sure you download the Microsoft Authenticator (the icon looks like the icon in the screen shot above). Your store may “recommend” a different authenticator at the top of the list, however you should download the Microsoft Authenticator for the procedure to work. These other apps can charge a fee to use it.

image-20240627-200307.png

Install the app and now you can click Next on your computer

(For advanced users only, you can also use another authenticator if you are familiar with it, like the Google authenticator)

  • You should now see the “Set up your account” screen. Please do the following on your phone before you hit next:

image-20240202-210544.png

  • Open On your Phone open the Authenticator app

  • Click on the plus sign to add a new account

  • Choose “work or school” account

Info

If you are using an iPhone, you may get a message asking if you have a backup.
Find out what to do before you continue.

  • Choose to Scan a QR code

  • Now hit Next on your computer
    Please note that it is very important that you allow notifications from the Authenticator. So if prompted you must click “Allow”

  • On your computer screen you should now see a QR code similar to the window below:

image-20240122-161658.png

  • Hold your phone up to view the QR code.

  • It will take only a

minute

  • fraction of a second for the set up to complete and when it does, you should see your account showing in the MS Authenticator app on your phone.

Info

In some cases, on an iPhone, if the app was previously installed you might now get a warning about notifications. Your options will be “setup later” or “settings.

  • Click Settings

  • Select Notifications

  • Enable Allow notifications

  • Return to the Authenticator app

Back

  • Back on your computer Microsoft Profile, click Next.

  • Your account will test the app. A number will be displayed on your computer. Enter it into your Authenticator app on your phone and click Yes to confirm it is you.

  • You will then be prompted on your phone to authenticate that you own the phone. This could be with your face, your finger or your phone lock screen code.

  • Do that now.

  • Once you approve the authentication on your phone, on your computer you should see a confirmation it was approved in your Microsoft profile, click Next

  • On you computer, your updated security information should look like this, with the Microsoft Authenticator app showing as your second sign-in method:

image-20240122-162426.png

  • Close the browser window if your only sign-in methods are password and either MS Authenticator or Security Key. If you have “phone call” as another sign-in method, you’ll need to delete that using the optional instructions in step 4

.

  • , otherwise…

  • YOU ARE DONE! When you next access a resource from RRU, you may be prompted to authenticate using the app. Follow the instructions when required.

Info

You won’t always be asked to MFA because:

  • not Not all RRU resources are MFA protected at this time

  • the The rules behind the scenes dictate how frequently and in what circumstances you are asked to MFA.

    • Currently the default is you will be prompted about every 12 hours to authenticate in Canada

    • RRU computers might require less authentication in the future

    • Computer outside Canada might require more frequent authentication in the future

Step 4 for everyone: ensure your 2nd choice authentication method is not ‘phone’

Expand
titleMicrosoft will soon remove all phone-related options from their list of acceptable 2nd factor authentication options. Please ensure you're not using "phone" as a default to avoid interruptions in service. Expand these instructions for the details.
Info

In step 3, if you had only ‘password’ showing as your sign in method, you can skip step 4.

While signed in to

(Welcome back if you have setup your FOB)

While still on the https://myprofile.microsoft.com and while looking at the security Info card (refer to Step1 above if you need help getting back here):

  • Click the ‘Change’ link

  • Click the down arrow to view a list of options

  • Click on ‘App the appropriate default method

    • For cellphone users using the Microsoft Authenticator app choose App based authentication -

    notification’

    • notification as shown in the picture

    if you’re using the MS Authenticator app.

    • If you’re an employee using a hardware token, choose that option instead.

    • For FOB users using the FOB you just setup choose App based authentication or hardware token - code as shown in the picture

  • Click the blue ‘Confirm’ button

image-20240202-212714.png

...

Info

No, you won’t always be asked to MFA because:

  • you WILL have to repeat the steps if you get a new mobile device (Best to have the old phone handy when you redo the setup)

  • not all RRU resources are MFA protected at this time

  • the rules behind the scenes dictate how frequently and in what circumstances you are asked to MFA

  • Currently the default settings are once every 12 hours. You may be required to MFA less on an RRU computer in the future.

...

More information can be found on this FAQ page.

Bonus: Back to where you came from?

Everyone - About Office 365 for RRU Staff, Faculty and Students

Students - Webmail access for Students

Staff/Faculty/Associate Faculty - Webmail for Staff and Faculty /wiki/spaces/ITKNOW/pages/5838261

Staff/Faculty only - New Remote Desktop Connection /wiki/spaces/ITKNOW/pages/5837595 (must login to see this content)