Microsoft Authenticator MFA Registration

Configuring and Using the MS Authenticator App

Adding Additional MFA Methods or Changing the Microsoft Authenticator Default Sign-In Option

Registering FIDO2 Keys

Microsoft Authenticator FAQ

Multifactor Authentication with Microsoft

There are two primary methods for enrolling in Microsoft MFA, visit https://aka.ms/mysecurityinfo and register prior to authenticating into a system which requires it, or during the first time logging into a protected application (Example: Webcourses)

UCF recommends downloading the MS Authenticator app on one's personal device (cell phone being the most commonly used) as the app is considered to be Phish resistant. SMS text may also be used, and is recommended as a backup method but is more susceptible to phishing attacks. For those who do not want to use a personal device for MFA, FIDO2 keys may also be used in their place. 

Configuring and Using the MS Authenticator App

IMPORTANT: Please do not remove the MS Authenticator app from your personal device after logging in. You will need to use MFA for future logins as well as the first time authenticating to Webcourses. 

1. Visit any UCF application protected by Microsoft MFA (Example for this walkthrough will be Webcourses) and log in using your nid@ucf.edu, as seen below.
2. After a successful NID login, you will be asked to register your NID with MS Authenticator. Please click the 'Next' button as seen below:
3. Next, you will be asked to download the MS Authenticator app if your device has not been installed. 
   1. If you do not have the MS Authenticator App installed on a personal device (such as a smartphone), please select the 'Download now' link in arrow 1. 
   2. Once downloaded, or if you already have MS Authenticator installed on your device, please select 'Next' shown in arrow 2.
4. Please open the MS Authenticator app on your device. On the main Authenticator screen, you will see a '+' sign allowing you to add a new account to the app.
   1. Click the '+' sign.
   2. You will be asked what type of account you are registering for. Please select 'Work or school account.'
5. Select 'Next' on your web browser as seen below:  
6. Your web browser will now show a QR code, as seen in the example below. You may scan this QR code with your device by  selecting the 'Scan a QR Code' option.  Please note that you will need to scan the QR code with the MS Authenticator app. Using a generic QR reader will result in a registration error. 
7. After scanning the QR code with the MS Authenticator app, your web browser will ask you to approve the request using the MS Authenticator app.  
8. Once the number has been entered into MS Authenticator and is recognized by the app, your web browser will load a screen noting that your MFA authentication was approved: 
9. Congratulations! Your MS Authenticator registration is successful and complete.

You may now click the 'Done' button to close the registration page and be taken to the application you initially logged into. 

IMPORTANT: Please do not remove the MS Authenticator app from your personal device after logging in. You will need to use MFA for future logins as well as the first time authenticating. 

RECOMENDATION: It is highly recommended that you also set up an alternate method of MFA in case an issue prevents you from using the Authenticator app. SMS text is a frequently used option. After your initial registration we urge you to continue to the next section and enroll your cell phone as a secondary device giving you have multiple methods of MFA to choose from.

 

Adding Additional MFA Methods or Changing the Microsoft Authenticator Default Sign-In Option

1. Open a web browser and navigate to https://aka.ms/mysecurityinfo 
2. Login with your full NID (include the @ucf.edu)  
3. Authenticate with your NID and password once prompted.
4. Respond to the MFA prompt displayed in your web browser using the MS Authenticator app on your device.  
5. Once authenticated, the Security info page is displayed:

1. Arrow 1 will allow you to change your default notification method. Options include:
   1. MS Authenticator App (recommended).
   2. FIDO2 Security Key (can be used in place of a smartphone).
   3. SMS accessible phone number.
2. Arrow 2 will allow you to add or change MFA methods, such as phone number, associated with your account. It is useful to have a secondary MFA option if your device is not with you or is malfunctioning. It is highly recommended that you add a second MFA method to your account such as SMS text.
3. Arrow 3 grants the ability to remove authentication options.
4. Arrow 4 will sign your NID out from any active sessions that Microsoft MFA protects. This is a powerful option to utilize if your MFA device is missing and unsecured.  

Registering FIDO2 Keys

If one prefers not to use a smartphone as an MFA device, FIDO2 keys act as a small physical token that can be used when prompted for MFA. These tokens resemble USB keys and can be purchased online or at UCF's Technology Product Center. To configure a FIDO2 key:

1. Browse to https://myprofile.microsoft.com.
2. Sign in if not already.
3. Click Security Info.
   1. If the user already has at least one Microsoft Multi-Factor Authentication method registered, they can immediately register a FIDO2 security key.
   2. If they don't have at least one Microsoft Multi-Factor Authentication method registered, they must add one.
   3. UCF Service Desk may also issue a Temporary Access Pass to allow the user to register a Passwordless authentication method. 
4. Add a FIDO2 Security key by clicking Add method and choosing Security key.
5. Choose USB device or NFC device.
6. Have your key ready and choose Next.
7. A box will appear and ask the user to create/enter a PIN for your security key, then perform the required gesture for the key, either biometric or touch.
8. The user will be returned to the combined registration experience and asked to provide a meaningful name for the key to identify it easily. Click Next.
9. Click Done to complete the process.

Microsoft Authenticator FAQ

• What is MS Authenticator?
  • The Microsoft Authenticator app helps you sign into your accounts more securely by using two-step verification. Two-step verification adds an additional verification method after signing in using your username and password. The two-step verification helps keep your accounts more secure in the event that your passwords are stolen or forgotten.
• How do I download it?
  • You can download the Microsoft Authenticator for your specific device through the website links below.
    • Google: Downloading Microsoft Authenticator through Google Play
    • Apple: Downloading Microsoft Authenticator through the Apple Store    
• What if I lose the device I use for verification?
  • In the event that your verification device is stolen, lost or no longer used, you can disable that device in the MS app settings or by following these instructions.
• Recommended Backup Setting
  • UCF recommends allowing the authenticator app to backup its MFA settings in your device’s cloud storage account (compatible with Google and Apple cloud).  To double check this setting, follow these steps:
    • Open the Authenticator application
    • Click on the ellipsis (three dots)
    • Select “Settings”
    • Scroll down to the Backup section
    • Toggle Cloud Backup to “on” and make note of the recovery account.
• Support Links
  • If you have additional questions or want a more in-depth tutorial, please visit: Microsoft Authenticator Tutorial
  • Adding your work account to MS App: Add your work or school account to the Microsoft Authenticator app 
  • Updating your two-step verification settings: Change your two-step verification method and settings 
  • If MFA assistance is required, please click here to submit an MFA support ticket or contact the UCF Support Center directly at itsupport@ucf.edu or call 407-823-5117 option 9.