To enhance the security of CU Boulder accounts, the Office of Information Technology is enabling multi-factor authentication (MFA) to protect Microsoft Office 365 applications. Starting April 8, CU Boulder students and alumni will be enrolled in MFA and given 14 days to register. Details about how to register and get help will be emailed to these groups and are also included below.
How to register
As you sign into Outlook, Excel, Office Online and other Microsoft applications, you will be prompted to register in Microsoft Multi-Factor Authentication. We have provided MFA login instructions on the Microsoft Office 365 page. If on the 14th day of your enrollment (April 23) you still have not registered, you will be required to do so before being allowed to login to Microsoft applications.
During registration, you will be prompted to set up MFA to login to Microsoft applications and have two options for proving who you are. You can register to get a text message with a code you’ll type in when you log in or you can download and install the mobile app on your phone. The mobile app only requires you to tap a button to log in but can take more time to set up. If using the mobile app sounds more convenient, we suggest adding the texting feature first, followed by adding the mobile app.
Since mobile phones are so ubiquitous and we seldom go anywhere without one, they are the most popular choice for multi-factor authentication. However, if you do not want to use your mobile phone for MFA or don’t own one, some FIDO2 tokens are an option. Please see the Multi-Factor Authentication FAQ for more information about this option.
How to log in after you’ve registered
When you log in to a Microsoft Office 365 application for the first time after registering, you could be prompted with the second factor that you set up during registration. After the initial registration, you will only be prompted to use MFA when a threat to your account is detected.
Why we’re doing this
One of the most common ways cybercriminals attack our campus is through collaboration services like Office 365. MFA helps protect you by adding an additional layer of security, making it harder for attackers to log in as if they were you. Your information is safer with MFA because thieves would need to steal both your password and your phone. MFA has been shown to block 99.9 percent of compromised-credential attacks, which in turn will help to safeguard the university’s data, finances, and reputation.