Microsoft Multi-Factor Authentication (MS MFA) - Frequently Asked Questions

Overview (What is Two-Step and how will it affect me?)

  1. What is Microsoft Multi-Factor Authentication (MS MFA)? 
  2. How does Microsoft Multi-Factor Authentication (MS MFA) work?
  3. Why should I use Microsoft Multi-Factor Authentication (MS MFA)?
  4. Do I have to use Microsoft Multi-Factor Authentication (MS MFA) to access my account?
  5. What devices are supported to register for Microsoft Multi-Factor Authentication (MS MFA)?
  6. Which University services or systems currently require Microsoft Multi-Factor Authentication (MS MFA) for login?
  7. How often will I have to use Microsoft Multi-Factor Authentication (MS MFA)?

Setup & Activation (How do I get Started?)

  1. How do I get started?
  2. How many devices can I enroll in Microsoft Multi-Factor Authentication (MS MFA)?
  3. What if I do not have a mobile device?

Usage (How do I use Two-Step?)

  1. How do I manage or edit my Microsoft Multi-Factor Authentication (MS MFA) devices?
  2. How do I authenticate with my smart phone app if I don't have cell signal, data, or Wi-Fi connection?
  3. My account is locked out. What should I do?
  4. How Much Data Does a Microsoft Authenticator Request Use?
  5. Why Have I Stopped Receiving Push Notifications From Microsoft Authenticator App?
  6. What If My Phone Does Not Have Internet or Cell Service?
  7. Does Using Microsoft Authenticator App Give Up Control of My Smartphone?

Help & Additional Guidance (How can I learn more and get help?)

  1. I don’t have my Microsoft Multi-Factor Authentication (MS MFA) device with me. What can I do?
  2. What do I do if I get a Microsoft Multi-Factor Authentication (MS MFA) push notification on my device when I didn't log in?
  3. Can I use the app on my smart phone without affecting my data plan?
  4. I replaced the phone that I had registered in Microsoft Multi-Factor Authentication (MS MFA). What should I do now?
  5. What should I do since I lost my device that I use to authenticate with Duo?
  6. Why have I stopped receiving push notifications on the Duo Mobile app?
  7. My iOS mobile device is running an older iOS and I am unable to install the Duo Mobile application from the App Store. What do I do?
  8. How do Hardware Tokens Work?
  9. How Much Data Does a Microsoft Authenticator Request Use?
  10. Why Have I Stopped Receiving Push Notifications From Microsoft Authenticator?
  11. What If My Phone Does Not Have Internet or Cell Service?

What is Microsoft Multi-Factor Authentication (MS MFA)? 

Microsoft Multi-Factor Authentication (MS MFA), also known as Two-Step Verification, provides an extra layer of security in addition to passwords. This additional step ensures that your information, transactions or online work is safer from unauthorized access by requiring a second method of authentication, such as a phone, code or other registered device, to verify your identity. Even if someone obtains your password, they cannot access your account without having your registered Two-Step device.

How does Microsoft Multi-Factor Authentication (MS MFA) work?

Microsoft Multi-Factor Authentication (MS MFA), also known as MS MFA or "Two-Step Verification" uses mobile technology to send an authentication request to your registered device. When you log into the SSO and click on a service that requires MFA, a notification will be sent immediately to your smartphone or other registered device. You simply tap Approve on the screen if using the authenticator app or use a numerical code sent to your device, which verifies that you are the person logging in and your access will be available.

Why should I use Microsoft Multi-Factor Authentication (MS MFA)?

Microsoft Multi-Factor Authentication (MS MFA) provides extra protection for the sensitive information our systems contain in case you are a victim of phishing or hacking. If someone steals your credentials and tries to access your account, your user name and password will not be sufficient to log in. The thief will also need to have access to your device to complete the log in process. If someone else tries to log in to your account, you will be notified on your device and you can deny them access instantaneously. Starting Spring 2021, all Microsoft Services will require MS MFA. Services include campus email, OneDrive, and the Office suite of products.

Do I have to use Microsoft Multi-Factor Authentication (MS MFA) to access my account?

MS MFA will be required for all Microsoft products including campus email, OneDrive, and the Office suite. This includes both web accessed services and University installed desktop software (Outlook, Word, Excel, etc). MS MFA is also required for CMS HR and CMS ES Administrative users. 

What devices are supported to register for Microsoft Multi-Factor Authentication (MS MFA)?

  • iOS devices (iPhone, iPad, iPod)

  • Android devices (phone, tablet)

  • Other cell phones (non-smart phones) and landline telephones

How do I get started?

After MS MFA is enabled for the campus, you will be presented with a set-up screen when accessing any University provided Microsoft service. These articles illustrate the activation process: 

Configuring Your Account for Microsoft Authenticator App
Configuring Your Account for Call/Text Messages 

How many devices can I enroll in Microsoft Multi-Factor Authentication (MS MFA)?

Microsoft Multi-Factor Authentication (MS MFA) lets you register multiple devices to your account, so you can always access your account even if one device is temporarily unavailable. We recommend a maximum of three devices.

How do I manage or edit my Microsoft Multi-Factor Authentication (MS MFA) devices?

Please refer to this article that describes how to change your two-factor verification method and settings.

I don’t have my Microsoft Multi-Factor Authentication (MS MFA) device with me. What can I do?

Contact the Technology Help Desk (THD) at (562) 985-4959 for assistance. 

Which services or systems currently require Microsoft Multi-Factor Authentication (MS MFA) for login?

MS MFA will be required for all Microsoft products including campus email, OneDrive, and the Office suite. This includes both web accessed services and University installed clients (Outlook, Word, Excel, etc). MS MFA will also be required for CMS HR and CMS ES Administrative Users. For these users, all CMS related services (CMS HR, CMS ES, Time Entry, Time Approval, Employee Center, Faculty Center, Student Center, ID Lookup, etc.) will require MS MFA.

How often will I have to use Microsoft Multi-Factor Authentication (MS MFA)?

For MS MFA enabled services accessed through the Campus Single Sign-On (SSO) service, you will be prompted to use MFA each time you launch the service. For University licensed Microsoft software installed to your device (personal or University-owned), you'll be prompted for MFA approval upon first login; however, your successful MFA login will be remembered and you won't be prompted again unless you've been inactive in that application for 90 days or you change your password. For installed, University-licensed Microsoft software (Outlook, OneDrive, Office, etc.), this one-time MFA process will be experienced on personal and/or university-owned computing devices (computers and mobile devices).

What do I do if I get a Microsoft Multi-Factor Authentication (MS MFA) push notification on my device when I didn't log in?

If you get a push notification from the Microsoft Authenticator app that you did not request, that means someone else is trying to log in using your account and your Beach ID account may have been compromised. Tap the Deny button in your Microsoft Authenticator app or take no action if a code is pushed to your device.  This denial will keep them out. 

How do I authenticate with my smart phone app if I don't have cell signal, data, or WiFi connection?

If you cannot use a “Push” or “Call,” use a “Passcode.” You can generate a passcode in the Microsoft Authenticator app. If you don’t have the app, you can enroll to receive a SMS text message or phone call.

If none of these options work, please contact the Technology Help Desk at (562) 985-4959 for assistance.

Can I use the app on my smart phone without affecting my data plan?

To use the app with no impact on your data plan, you must first connect to a WiFi network. Then open the Microsoft Authenticator app and generate a passcode (set of numbers). Using the passcode requires no data usage on your plan. Then log in to the system using the passcode.

I replaced the phone that I had registered in Microsoft Multi-Factor Authentication (MS MFA). What should I do now? 

If your phone number is the same:

  • Install the Microsoft Authenticator app and ensure you're configured to use the app with your University account. You'll be able to receive Call/Text messages if you've configured your account to receive these types of second factors.

If your phone number changed:

*If you do not have an alternate/back-up device enrolled, call the THD at (562) 985-4959.*

What should I do since I lost my device that I use to authenticate with MS MFA?

Contact the THD at (562) 985-4959 immediately if you lose your phone or suspect it has been stolen. They will disable your phone from being able to authenticate with Microsoft Multi-Factor Authentication (MS MFA) and help you log in using another device.

My account is locked out. What should I do?

The most common reason why your account is locked is because you have entered an incorrect password for your Beach ID account or the Two-Step has failed at least 5 times. Please contact the THD at (562) 985-4959 or helpdesk@csulb.edu.

Why have I stopped receiving push notifications on the Microsoft Authenticator app?

You may have trouble receiving push requests if there are Wi-Fi issues between your mobile device and Microsoft Authenticator app. Many mobile phones have trouble determining whether to use the WiFi or cellular data when checking for push requests. Simply turning the phone to airplane mode and back to normal operating mode often resolves these issues. Similarly, the issue may be resolved by turning off the Wi-Fi connection on your device and using the cellular data connection. If these two methods do not resolve the issue, contact THD at (562) 985-4959 or helpdesk@csulb.edu.

My mobile device is running an older operating system and I am unable to install the Microsoft Authenticator application from the App Store. What do I do?

You may need to upgrade to a newer iOS or Android version to install the mobile app.

What if I do not have a smart phone or mobile device?

Although use of the Microsoft Authenticator app on a mobile device is recommended, you can register a mobile phone to receive calls, or text messages. You can also register a land-line or office telephone to receive calls.

How do Hardware Tokens Work?

Tokens are provided on an exception basis for employees. Please contact your Administrative Services Manager (ASM) if you require a hardware token. A hardware token will work the same as using your MS Authenticator App to generate a code, which can be used to enter on-screen, when prompted.

How Much Data Does a Microsoft Authenticator Request Use?

Microsoft Authenticator authentication requests require a minimal amount of data -- less than 2KB per authentication. For example, you would only consume 1 megabyte (MB) of data if you were to authenticate 500 times in a given month.

Why Have I Stopped Receiving Push Notifications From Microsoft Authenticator?

There are several reasons this could be happening. Please try the following to troubleshoot:

  1. Make sure your enrolled device has a cellular network or WiFi connection.
  2. Have the Microsoft Authenticator app open when you authenticate.
  3. If the above solutions don’t work, try using another authentication method, such as passcodes provided in the Microsoft Authenticator app.

What If My Phone Does Not Have Internet or Cell Service?

You can use the Microsoft Authenticator app to generate a one-time passcode to use without Internet or cell service.

Does Using Microsoft Authenticator Give Up Control of My Smartphone?

No. The Microsoft Authenticator app has no access to change settings or remotely wipe your phone. The visibility Microsoft Authenticator requires is to verify the security of your device, such as operating system version, device encryption status, screen lock, etc. Microsoft uses this to help recommend security improvements to your device. You always are in control of whether or not you take action on these recommendations.