MFA FAQ || Best Practices : Deseret Management Corporation

With the advent of Multi-factor Authentication, we've gotten a few questions. We'd like to answer most all of those questions here! If you don't see the answer or question you're looking for, please feel free to reach out to the IT team and we can definitely go over it!

Why are we using MFA?

With the rise of cyber attacks, it is imperative we stay vigilant. By activating MFA, we effectively add another layer of security to impede a would-be attacker. The reason it works is because even if your password is compromised, you will still need to approve said login via your mobile device via an Authenticator app, a phone call, or another method of MFA.

How do I set up MFA?

Setting up MFA is a nice and quick process that should take 5-10 minutes! We've documented how to go through it with instructions and screenshots here:

https://www.dmc.help/a/solutions/articles/47001191328

Do I have to use the Microsoft Authenticator app?

Sure don't! If you have another authentication app that you prefer, you can absolutely use that instead of the Microsoft Authenticator app we recommend. We tend to recommend Microsofts Authenticator app because it allows a user to respond to a push-notification (given the option to Approve or Deny) on your phone instead of having to enter in a 6 digit code when you login.

I got a seemingly random pop-up asking to approve a login, what should I do?

If you don't see what device it's trying to log into such as your mobile mail app or your computer, definitely better safe than sorry! You can deny this and check the locations of your logins at https://mysignins.microsoft.com/ . It'll also show you information about the device trying to get into your account from browser information to if it was a successful login!

On this same note, you will receive this notification every 14 days for existing sessions that you log into so it may not be an attacker BUT again, better safe than sorry!

I keep getting prompted each time I login. I thought it was supposed to be every two weeks?

If you want to be prompted every 14 days instead of each login, you need to make sure you're ticking the "Don't ask again for 14 days" option that pops up when you login. This will change the setting so that instead of it prompting for authentication each time, you will be able to forego that for 2 weeks!

My MFA keeps defaulting to my calling my phone instead of my Authenticator app! How can I rectify this?

We can fix this in https://mysignins.microsoft.com/ ! If you navigate there, you should navigate to Security Info on the left column menu.

Now, under the Security Info section you should see Default sign-in method: . Here, you can click the blue hyperlink (highlighted yellow below) to change your preferred mode of MFA.

MFA FAQ || Best Practices Print

Related Articles