Multi-Factor Authentication (MFA)

This section explains how to use Multi-Factor Authentication (MFA) with Microsoft 365 at the University. When you sign in to Microsoft 365 after entering your SSO-KID and password, you will receive a notification on your smartphone application or an SMS on your mobile phone number. It is a strong security measure that can prevent unauthorized access even if the password information of the account is leaked.

Notice

In our Microsoft 365 environment, MFA information cannot be registered until MFA is activated for account protection. If you access the MFA information registration page before activation, the message “Your sign-in was blocked” will appear and you will not be able to access the page. Please follow the instructions on this site.

Since MFA is a security measure that protects your account, it cannot be disabled once it is enabled. Please fully understand the following contents before enabling MFA.

Please refer to Sign-in Problems if you are unable to sign-in after enabling MFA.

Please refer to Re-registration when renewing smartphone if If you renew your smartphone and cannot authenticate.

Please read this page thoroughly before proceeding with the MFA setup.

Please enable MFA and register the first MFA information during working hours (weekdays 9:00 - 17:00), to receive support from the Information Infrastructure Initiative when you have a trouble with MFA registration/verification.

The authenticator app is a mechanism to perform personal authentication by confirming that you do have the device with the registered app installed. When you register an account in the authenticator app, information unique to each device is stored in the app. If you replace the device or uninstall the app, you will not be able to confirm possession of the registered device, and you will not be able to sign in. If you want to delete or reset the authenticator app, please make sure to register another MFA information before doing so.

Please install multiple MFA information in case you forget your registered mobile device at home, or in case of breakage or loss. Also, please register the authenticator app on your workplace PC browser as well.

Outline

Recently, the unauthorized use of accounts due to password leaks has increased significantly. The university has also experienced information-related incidents such as account information leaks due to phishing e-mails and spam e-mailing from unauthorized users. The attacks have become more sophisticated and it is difficult to prevent fraudulent use of accounts when simply using passwords for identity verification. Multi-Factor Authentication (MFA) prevents account abuse by strengthening identity verification. In addition to the password, MFA verifies that the user is the owner of a pre-registered device or phone number and prevents unauthorized third parties who do not have access to these devices or phone numbers from using these accounts. It is a strong security measure that can prevent unauthorized access even if the password information of the account is leaked.

Implementing MFA for Microsoft 365 at the university will enable more secure access to services such as email, cloud storage, and online conferencing, which are vulnerable to misuse. MFA is available to all members of the University (SSO-KID holders).

To prevent unauthorized registration of the identity verification information itself, MFA cannot be disabled once it is enabled. Please fully understand the following contents before enabling MFA.

How do I use MFA?

To use MFA, you must first “Enable MFA”. This will unblock the access to the MFA information registration page, and allow you to self-register the additional information required for MFA. You should register MFA information as soon as possible after enabling MFA, because using MFA to verify your identity becomes mandatory for signing in. If no MFA information is registered when you sign in, you are required to register MFA information on-the-spot and you won’t be able to finish signing in until the registration completes. After that, you use the registered MFA information to verify your identity.

Microsoft 365 provides the following methods to verify the identity using MFA.

  • Confirmations sent to the dedicated app for mobile devices (Microsoft Authenticator)
  • Entering the confirmation code in the authenticator app for your PC browser or mobile device (e.g., Google Authenticator)
  • Entering the confirmation code in the SMS sent to your mobile phone number.
  • Receiving a voice call to a landline or other phone and pressing the dial button for confirmation

The most reliable way is to use the dedicated app on your mobile device that you carry with you at all times; however, as mentioned above, you can also use it on your PC, feature phone, or landline. Further, you can also use your tablet. You should install and register the app on your workplace PC as well, in case you forget your mobile device at home, or in case of breakage or loss.

Please note that additional actions will be required to sign in but strengthening account protection using MFA is expected to enable user search and other functions to improve the convenience in Microsoft 365.

Conditions under which MFA is required

Once MFA is enabled, you will be required to use it at all times when signing in, both on- and off-campus, to familiarize yourself with the verification process. In addition, the sign-in period will be reduced to seven days, and you will be asked to sign in more frequently. Please use the system frequently to become familiar with its use in various situations.

If you prefer not to use MFA on campus, or feel that signing in again after 7 days is too burdensome, we have an application form to change the conditions and frequency of signing in. The current settings are as follows:

  • Conditions under which MFA is required
    • Only when the system determines that there is a high possibility of unauthorized access (high risk)
    • Outside the Kyushu University campus network
    • Always, regardless of location of access
  • Frequency of signing in again – Often (about once every 7 days per app) – Usual (about once every 90 days per app)

Future Schedule

For the preparatory period, only those who have activated the MFA and wish to do so will be able to use MFA for identity verification. Afterward, we hope to make the registration mandatory for all members with the implementation date, which is yet to be determined. It is important for the protection of the university’s information assets that the MFA identification method is registered on all users’ accounts for them to be identified when necessary.

Once the MFA is mandatory, accounts that have not yet registered their information will be required to register it when signing in and will not be able to sign in until the registration is completed. To ensure smooth implementation and strongly protect your account, please complete the registration as soon as possible.

In case of trouble

Setup Manuals

  1. Enabling MFA
  2. Recommended Order for Registering MFA Information
  3. Initial MFA Information Registration Manual
  4. Initial Registration with Smartphone
  5. MFA Information Registration Manual
  6. Example of Identity Verification through MFA
  7. Alternate Phone Number Registration
  8. Changing MFA Settings
  9. MFA for Primary Mail Service
Collaborative Infrastructure Working Group, Information Infrastructure Initiative, Kyushu University