WHAT IS THE RECOMMENDED TWO-FACTOR AUTHENTICATION METHOD? 
 

If you have a smartphone or tablet, we recommend using the Azure Authentication Mobile app to receive a Push notification, as it is quick, easy-to-use, and secure. It is a very lightweight app and uses minimal data.  You can verify a login with only two taps. 

​

 

WHAT  DEVICES CAN I USE AS A SECOND FACTOR? 
 

We highly recommend that you register at least two methods in case your primary method is unavailable.  

​

​

MICROSOFT PUSH  (THIS IS THE PREFERRED METHOD FOR THE FIRST METHOD) 

It is the quickest, easiest method for approving the login.  

It requires installing the free Microsoft Authenticator Mobile app on a smartphone or tablet. 

There is no cost for the message push to the device.  

Microsoft Push works with iPhones, iPads, Android phones and tablets, Windows phones, Apple watches, and other smartwatches.
 

PHONE CALL (THIS IS THE PREFERRED METHOD FOR THE SECOND METHOD) 

All on-campus faculty/staff are encouraged to enroll their desk phone. This is a good backup solution in case you lose or break your smartphone.  

If a phone can receive a call, then it will work with Microsoft Security!  

You can use a smartphone, cell phone, landline, international phone number, Google Voice number, etc. 

Microsoft will call the selected phone number and prompt you to press a key to authenticate.
  

SMS TEXT 

Microsoft can send a text message to any phone that can receive SMS text messages.  

You will receive a code to enter into the computer/device to approve the login.
  

SECURITY KEY 

This method is not currently supported.
 

SECURITY TOKEN (HARDWARE TOKEN) 

This method is not currently supported.  

 

 

WHAT IF I DON'T HAVE A SMART PHONE, OR CELL PHONE? 
 

If a phone can receive a call, then it will work with Microsoft! The Mobile app is the preferred second factor of authentication; however, you can also use phone calls and text messages to any phone number.  You do not need to have a cell phone – Azure authentication will work with your desk phone, home phone, and international numbers.  

​

 

WHAT IF MY PHONE DOES NOT HAVE INTERNET OR CELL SERVICE? 

​

Any phone can work with Azure authentication. You can use a landline to receive authentication notifications.  In this case, we recommend using both the work desk phone and a home phone as primary and backup authentication so that you can log in regardless of whether you are at work or at home. 

​

 

HOW DO I ADD, REMOVE, OR CHANGE MY DEFAULT DEVICE? 

​

• Go to myaccount.microsoft.com and sign in 

• Click the Update Info button on the Security info tile 

• Click on the ‘+’ sign next to Add method to add another authentication method. 

• Click on the ‘change’ or ‘delete’ buttons to change your current method selections. A ‘Microsoft Authenticator’ method may not be edited but can be deleted and re-added in order to change between push notification and authentication code methods. 

* We highly recommend you register a second method in case your primary method is unavailable. Enrolling your smartphone and desk phone is an excellent choice for on-campus employees.  Your partner’s or roommate’s phone is another good option as a backup if you lose your device. 

​

 

I GOT A NEW CELL PHONE (SAME PHONE NUMBER), HOW DO I SET IT UP? 

​

If you are using the phone call or text options, no change is necessary as the same number will be called or texted. 

If you are using the authenticator app, first make sure you have downloaded the app to the new device, but don’t run it yet.  Then simply: 
 

• Go to myaccount.microsoft.com and sign in 

• Click the Update Info button on the Security info tile 

• Click ‘Delete’ next to the ‘Microsoft Authenticator’ method 

• Click on the ‘+’ sign next to Add method to add another authentication method. You will be stepped through the process for enrolling the new device. 
   

 

CAN ESU OR MICROSOFT SEE MY PASSWORD? 

​

No. Your password is never saved in any human-readable format in our systems or at Microsoft.  

​

 

WHO WILL HAVE TO USE MULTI-FACTOR AUTHENTICATION? 
 

Currently employed faculty (on-site, remote, and adjunct) and staff are required to use Microsoft multi-factor authentication. 

 

Student employees and graduate assistants will also be required to use Multi-Factor Authentication.

 

Students will not be required to use Multi-factor Authentication at this time. 

​

Retired employees, volunteers, and employees who do not use a computer in their job functions are not required to use Multi-factor at the current time but will be added in the coming weeks. 

​

 

DOES MICROSOFT MFA WORK OUTSIDE THE UNITED STATES? 
 

For the phone call and text option, MFA works anywhere that phone calls or text messages can be received.  The authenticator application is restricted within China and most functions are not available. 

​

 

WHAT IF I HAVE MY SMARTPHONE, BUT I DO NOT HAVE INTERNET ACCESS?
 

If you cannot authenticate because you have no internet access, there are other options.  After the login screen, you will get a Microsoft authentication screen with the option to ‘choose another method’ to authenticate. Assuming you have configured phone or text option, you may select any of the phone-based options, including Text or Call.  You must have a cellular signal for this to work with a cell phone or access to the landline if it has been configured in your account. 

​

 

WHAT IF I LOSE MY CELL PHONE AND I DON’T HAVE ANOTHER BACKUP METHOD CONFIGURED?
 

Call the Help Desk and we can reset your account so that you can re-enroll in Multi-factor and set up a new set of authentication methods. 
 

 

I DON'T WANT TO USE MULTI-FACTOR. CAN I TURN IT OFF?
 

Multi-factor authentication is required for ESU faculty and staff and cannot be turned off.