Student Microsoft Office 365 Apps Sign-In Options
This knowledge base article will discuss configuring Multi-Factor Authentication (MFA) for Student's Microsoft Office 365 Apps and changing phones, phone numbers, and account information associated with an account's MFA profile. One may reach Microsoft Office 365 Apps by:
- Logging into https://www.webmail.ucf.edu/ to access your student email
- Visiting https://www.office.com/
- Downloading the free Microsoft 365 mobile app: https://www.microsoft.com/en-us/microsoft-365/mobile
Table of Contents
- Enroll using Microsoft Authenticator
- Changing the Microsoft Authenticator Default Sign-In Option
- Registering FIDO2 Keys
- Microsoft MFA FAQs
- Does MFA protect my privacy and the privacy of my device?
- Can I use an international number as a second factor in the MFA service?
- Reactivating MFA Account
- Lost, Forgot, Broke, Unavailable, or Locked Out of MFA Device
Student Enrollment
Enroll using Microsoft Authenticator
Students will be required to use Microsoft Authenticator when prompted for multi-factor authentication. This is the same method used to protect Knights Email. The steps below will walk you through downloading the Authenticator app and the account registration process.
There are two primary methods for enrolling in Microsoft MFA, visit https://aka.ms/mysecurityinfo and register by logging into Webcourses (after May 8th) or login with your NID@ucf.edu student email address and register as a part of one's authentication process.
Attention Knights Email users: When logging into Microsoft 365 Apps, your web browser may remember your Knights email account as an account which you previously authenticated with. If you see your @knights.ucf.edu email account on the page below, please hit the back arrow in front of your account name and you will then be able to enter your NID@ucf.edu. UCF requires authentication with one's NID.
2. After a successful NID login, you will be asked to register your NID with MS Authenticator. Please click the 'Next' button as seen below:
3. Next, you will be asked to download the MS Authenticator app if your device has not been installed.
a. If you do not have the MS Authenticator App installed on a personal device (such as a smartphone), please select the 'Download now' link in arrow 1.
b. Once downloaded, or if you already have MS Authenticator installed on your device, please select 'Next' shown in arrow 2.
| UCF strongly encourages using the MS Authenticator app as your primary MFA method. However, suppose you do not choose to use the MS Authenticator app. You may also use a FIDO2 Security Key or your phone number by clicking on the 'I want to set up a different method' link in the image's bottom left corner. |
4. Please open the MS Authenticator app on your device. On the main Authenticator screen, you will see a '+' sign allowing you to add a new account to the app.
a. Click the '+' sign.
b. You will be asked what type of account you are registering for. Please select 'Work or school account.'
5. Select 'Next' on your web browser as seen below:
6. Your web browser will now show a QR code, as seen in the example below. You may scan this QR code with your device by selecting the 'Scan a QR Code' option. Please note that you will need to scan the QR code with the MS Authenticator app. Using a generic QR reader will result in a registration error.
7. After scanning the QR code with the MS Authenticator app, your web browser will ask you to approve the request using the MS Authenticator app.
8. Once the number has been entered into MS Authenticator and is recognized by the app, your web browser will load a screen noting that your MFA authentication was approved:
9. Congratulations! Your MS Authenticator registration is successful and complete!
You may now click the 'Done' button to close the registration page and be taken to the application you initially logged into.
Changing the Microsoft Authenticator Default Sign-In Option
1. Open a web browser and navigate to https://aka.ms/mysecurityinfo
2. Login with your full NID (include the @ucf.edu)
3. Authenticate with your NID and password once prompted.
4. Respond to the MFA prompt displayed in your web browser using the MS Authenticator app on your device.
5. Once authenticated, the Security info page is displayed:
6. Arrow 1 will allow you to change your default notification method. Options include:
- MS Authenticator App (recommended).
- FIDO2 Security Key (can be used instead of a smartphone).
- Phone number.
7. Arrow 2 will allow you to change the phone number associated with your account. This is useful for having a secondary MFA option if your device is not with you.
8. Arrow 3 grants the ability to remove authentication options.
9. Arrow 4 will sign your NID from any active sessions that MS Authenticator protects. This is a powerful option to access if your MFA device is missing and unsecured.
| Passwordless Authentication: You may sign in with your smartphone without a password. For further assistance configuring Microsoft Authenticator and enabling smartphone sign-in, see Sign in to your accounts using the Microsoft Authenticator app. |
Registering FIDO2 Keys
If one prefers not to use a smartphone as an MFA device, FIDO2 keys act as a small physical token that can be used when prompted for MFA. These keys can be purchased online or at UCF's Technology Product Center. To configure a FIDO2 key:
- Browse to https://myprofile.microsoft.com.
- Sign in if not already.
- Click Security Info.
- If the user already has at least one Azure AD Multi-Factor Authentication method registered, they can immediately register a FIDO2 security key.
- If they don't have at least one Azure AD Multi-Factor Authentication method registered, they must add one.
- An Administrator can issue a Temporary Access Pass to allow the user to register a Passwordless authentication method.
- Add a FIDO2 Security key by clicking Add method and choosing Security key.
- Choose USB device or NFC device.
- Have your key ready and choose Next.
- A box will appear and ask the user to create/enter a PIN for your security key, then perform the required gesture for the key, either biometric or touch.
- The user will be returned to the combined registration experience and asked to provide a meaningful name for the key to identify it easily. Click Next.
- Click Done to complete the process.
Microsoft MFA FAQs
Configure MFA for your account
Log in with your nid@ucf.edu: https://aka.ms/mfasetup
Download and Install Microsoft Authenticator App
Configuring MS Authenticator - YouTube video
https://www.youtube.com/watch?v=Q8OzabuNwHI
Register FIDO2 Key:
What Methods of MFA does Microsoft support?
- Phone Sign-in: A version of two-factor verification that lets you sign in without requiring a password, using your username and your mobile device with your fingerprint, face, or PIN. You also have the option to verify a sign-in using a phone call or text messages.
- Passwordless: There is an option to have to enroll in “passwordless” authentication. After registering your account you will be prompted with a 2 digit code to enter into your authenticator. This requires less time to authenticate vs using one’s lengthy and complex password.
- FIDO2 Security Key: Security keys are considered a stronger verification method because they require a physical key. Security keys are a password-less sign-in method. A security key is a physical device that's used with a unique PIN to sign into your work or school account. These keys can be purchased at the UCF Technology Product Center and can be used as an alternative sign on method instead of using a smart phone.
What if I lose the device I use for verification?
In the event that your verification device is stolen, lost or no longer used, you can disable that device in the MS app settings. How to disable devices:
Manage your work or school account connected devices from the Devices page
Recommended Backup Setting
UCF recommends allowing the authenticator app to backup its MFA settings in your device’s cloud storage account (compatible with Google and Apple cloud). To double check this setting, follow these steps:
- Open the Authenticator application
- Click on the eplipsies (three dots)
- Select “Settings”
- Scroll down to the Backup section
- Toggle Cloud Backup to “on” and make note of the recovery account.
Why am I receiving push notifications?
You are receiving notifications because you opted to receive notifications as a part of MFA Push, which is the fastest and easiest way to authenticate using MFA. These notifications only come when there is a login attempt using your credentials. If you are receiving MFA Push notifications without attempting to log in, an unauthorized user may be trying to access your account. In the event of attempted unauthorized access, you should change your NID password and contact the Support Center at (407) 823-5117.
Does MFA protect my privacy and the privacy of my device?
Yes. The University of Central Florida takes your privacy very seriously. Please refer to the UCF Internet Privacy Policy for more information. In fact, the MFA Service (and the MFA Mobile application) never receives your NID password. Your NID password is stored on UCF servers and is not shared with third-party applications. MFA protects your privacy by making it harder to access sensitive online information resources. MFA only stores the information you provide it (e.g., phone number). The MFA Mobile application asks for certain permissions necessary to perform its job. These permissions are not intended to gather personal information. The following list explains the purpose of each permission:
• Camera
∙ To scan the Quick Response (QR) Code issued when enrolling a new mobile device. After the enrollment process, the camera is no longer used and this permission can be disabled without causing the application to malfunction.
• Full Network Access
∙ Utilizes internet access to send and receive MFA Push notification.
• View Network Connections
∙ Uses the device’s network information to verify unusual connections.
Can I use an international number as a second factor in the MFA service?
Yes. The UCF IT MFA service will support international phone numbers. When adding a new device in the MFA Self-Service portal just be certain to change the country to match the origin of the number.
Reactivating MFA Account
You may need to reactivate your MFA account if you:
- Delete the MFA application from your mobile device
- Remove your UCF account from your MFA application
- Obtain a new phone that has the same phone number assigned to it
To reactivate your account, follow these steps:
- Using a Web browser on a computer, navigate to my.ucf.edu
- If you are an employee, then click the "Workday" link. If you are a student, visit a site that offers MFA protection such as UCF Apps.
- When prompted for MFA, click "My Settings & Device" (you may have to authenticate prior to reactivating your device)
- Select "Device Options"
- Search for the device you want to reactivate in the list
- Next to this device, click "Reactivate"
If your device has a camera, continue to step 7; otherwise, skip to step 8 - Scan the QR Code with your device
- Open the MFA app on your device
- Click the ‘+’ button to add an account
- Hold your device so the camera centers on the QR Code
- Once the QR Code is successfully scanned, the "Continue" button will be available on your computer
- Use the link to reactive your account
- Click "Continue" and follow the instructions to finish activating your device
Lost, Forgot, Broke, Unavailable, or Locked Out of MFA Device
If your primary MFA device has been misplaced, left at home, broken, or otherwise can't be used to authenticate:
- If you have an additional device enrolled, use the second device to authenticate.
- If you have no other devices enrolled, call the UCF IT Support Center (407) 823-5117 to get assistance in enrolling another device after verbally verifying your identity.