Best Practices - Azure Multifactor Authentication

All users configure Azure Multifactor Authentication* through their Microsoft 365 account when onboarding to ECU. Azure MFA allows log in to email, Canvas and other single sign-on applications.

For improved security protections, users are required to authenticate both on and off campus with no “remember this device” option.

Recommended Best Practices

Follow these recommended best practices to ensure a smooth, secure experience when accessing the ECU resources you use every day.

Best Practice No. 1 – Make Microsoft Authenticator app your default sign-in method.

Once configured for your mobile phone or tablet (check app store for device compatibility), the access code can be used offline if network and cellular access is unavailable.

 

Best Practice No. 2 – Configure multiple MFA methods.

If your mobile device is unavailable, you can use an alternate authentication method.

  • Phone call. Set up a phone number to receive a voice call from Microsoft for authentication. You can add up to three different phone numbers.
  • Click Add sign-in method to choose an alternate phone, office phone plus a mobile number from the Security info section of Microsoft 365.
  • Personal email. Add a non-ECU email address to receive the verification code.

 

Best Practice No. 3 – Work around weak cellular signals.

  • Enable Wi-Fi calling to receive calls over the Wi-Fi network rather than cellular signals.
  • See this information for onboarding your devices to eduroam, ECU's primary Wi-Fi network.
  • Use the Microsoft Authenticator app which can generate a verification code without an internet connection or cellular signal. The Authenticator app is the recommended default method for users.

 

Best Practice No. 4 – Periodically check app updates and verification settings.

  • Regularly update the Microsoft Authenticator app to the latest version for improved security and features.
  • Review and update your secondary authentication methods to ensure phone numbers and email addresses are up to date.

 

Best Practice No. 5 – Follow these security tips.

  • Do Not Share Codes. Never share your verification codes with anyone.
  • Do not approve an unexpected MFA prompt until you check your recent activity.
  • Check your account’s recent activity through the Microsoft 365 My Sign-ins page. Ignore unsuccessful attempts, but a successful sign-in from a location you don’t recognize should be reported to the IT Service Desk.

 

Best Practice No. 6 – Contact Pirate Techs for questions and support.

  • Call the IT Service Desk at 252-328-9866.
  • Visit your nearest Pirate Techs walk-in location.

*I configured MFA twice when onboarding. What's the difference?

  • Azure MFA is used to log in to ECU resources and applies to these best practices.
  • PirateID Self Service authentication is used for that system only to reset/unlock your password.
Print Article

Details

Article ID: 67771
Created
Fri 8/30/24 3:44 PM
Modified
Wed 9/4/24 3:13 PM
Service Owner
Unified Communications

Related Articles (4)

CURRENT USERS. Number matching is used with the Authenticator app to verify your identity when logging in to ECU resources.
CURRENT USERS. Set up and manage verification methods that allow you to access ECU apps and systems.
NEW USERS. Follow these steps to set up phone call verification as the authentication method for your PirateID user account.
NEW USERS. Follow these steps to set up text message as the authentication method for your PirateID user account.