What is MFA/2FA?
Multi-Factor Authentication (MFA), more frequently referred to as Two Factor Authentication (2FA), is a mechanism used to improve security by using two methods to verify your identity when accessing online services. The two principles are:
- Something you know – your password
- Something you have access to – an app, contact number or an alternate email address
We have all used MFA/2FA in our lives whether it be for online banking, online shopping or gaming. It ensures you are you and not an imposter trying to gain access.
Why are we enabling it now?
As you know, John Taylor MAT holds a vast amount of personal data relating to staff, students, parents and other third parties, which is accessible from an ever-increasing number of devices and locations throughout the world – this data is at risk from a breach or encryption if we do nothing.
Over recent weeks and months there have been a number of accounts flagged to IT Support as having suspicious logons from other countries such as India, Russia, USA and China. While we can deal with these retrospectively by forcing a password change, this is not a proactive response to security.
Under UK law the Trust is required to “implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.” With an increase in educational establishments being hit with ransomware attacks and recent advice given by the National Cyber Security Centre to bolster defences – now is an appropriate time to act and act quickly.
What do I need to do?
Setting up MFA/2FA is a simple process and can be completed from any web enabled device that supports Microsoft 365. MFA/2FA can be configured by:
1. Visiting aka.ms/MFAsetup and signing in using your JTMAT email address (if prompted)
2. Clicking the “Add Method” button
3. You will then be prompted to select an authentication method. The MAT recommends using one of three methods: the Authenticator App (Recommended), Email, or Phone (SMS/Call) to verify your identity.
Authenticator App (Recommended) Setup Guide
Security Questions are not a valid form of identification for MFA/2FA. If you select this method you will be prompted after 6:30am Monday 28th February 2022 to select a different method.
Information you add e.g. phone no. or email address is not shared within JTMAT. The only people that can see this are you and IT Support. Only you can see the answers to your security questions.
Signing in using MFA/2FA
Microsoft have produced a guide on how the sign in process will work once you have enabled MFA/2FA:
When do I need to do it by?
MFA/2FA will be compulsory for all MAT staff accessing Microsoft 365 services externally (not in school) at 6:30am Monday 28th February 2022.
What if I do nothing?
If you elect to do nothing you will be prompted after 6:30am Monday 28th February 2022 to complete the registration process when signing in from an external location e.g. at home or on the move.
Note: You will not be permitted access to your Microsoft 365 account outside of the network (your school) until this has been configured.
Are there any other benefits?
Yes, once you have configured MFA/2FA you will be able to reset your own password from any web enabled device at any time by visiting: https://passwordreset.microsoftonline.com/
Frequently Asked Questions
When will I be prompted to verify my logon?
You will be asked whenever you:
- access any Office 365 programme such as Outlook or Teams
- switch to a different browser (e.g. Chrome, Firefox, Safari)
- use a different computer/device
- turn on private browsing
- do not allow cookies to be saved, or cookies are not enabled
AND you are outside of a JTMAT School e.g. at home or on the move.
How often will I be prompted to verify my logon?
You will be prompted to verify your logon every 90 days.
Has this been tested with anyone?
Yes, all MAT IT Staff have this policy enabled to prevent unauthorised access to administrative functions.
What if I receive an unexpected MFA notification?
Please decline the MFA notification and, if you are using the Microsoft Authenticator app, please press the report button, which will notify IT Support.
Your account will not be locked out if you do this, but please remain vigilant and do not approve any requests unless you are expecting them.
What if I have access to other email accounts?
If you have access to other email accounts such as headteacher, office or finance, these are excluded from the MFA/2FA policy.
My question hasn’t been answered
If you have any questions or concerns not addressed above, please email Mark Crompton (firstname.lastname@example.org).