Microsoft Authenticator Setup

Download a PDF version of this setup by clicking HERE

Download a Word Document of this setup by clicking HERE

Prefer to watch a video? Get to step 7 first, then visit this link.

What is factor authentication?

Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication factors to verify themselves.

The first factor will primarily be a computer/laptop and the second factor can be your phone, a verbal call or a text message. Two-factor makes it harder for criminals to break into your account. If you only use a password to authenticate and the password is weak or has been exposed elsewhere, it leaves an insecure avenue for attacks or fraudulent entry.

When you require a second form of ID, security is increased because this additional factor isn’t something that’s easy for an attacker to obtain or duplicate.

How does authentication work?

When you sign into your O365 account, you will receive a prompt for ID verification using one of the following authentication methods:

Something you know, typically a password
Something you have, such as a trusted device like a phone
Something you are, such as biometrics like a fingerprint

You can authenticate your second factor several ways, however, we strongly encourage you to use the Microsoft Authenticator App if your phone is able to utilize it. It is the fastest verification option allowing you to just tap approve on your phone and adds an extra layer of security.

The Microsoft Authenticator app will function and generate new codes every 30 seconds even when you don’t have cellular coverage.

Can two factor be hacked?

Although it is possible for two-factor authentication to be hacked, the odds are very low and 2FA is certainly the best practice when it comes to keeping accounts and systems secure.

One way two-factor authentication could be hacked happens through the SMS method or, in other words, the method by which a one-time use code is sent to a user’s phone number via SMS or an automated phone call.

This is why we recommend using the Microsoft Authenticator app because it adds extra security and codes are contained within the app.

There have been stories of hackers tricking mobile phone carriers into transferring someone else’s phone number to their own phone. The hackers contact the carriers pretending to be their victims, requesting a new SIM with the victim’s number. They then have access to any authentication code sent to that phone number. Called SIM swapping, this is probably the most common way of getting around 2FA.

But carriers’ own security processes are improving and even acknowledging those risks, 2FA remains a strong and essential tool in the fight against cyber-attacks and identity fraud.

Pre-Requisite

In order to use multi-factor authentication with your Capital account, you will need to ensure the following pre-requisites are met:

  • You have a phone that can receive SMS texts and/or download the Microsoft Authenticator app
  • Have a computer with Office 2016 (or higher) installed
  • Internet access to complete the setup

What if I don’t own a phone or my phone doesn’t work with the app?

If you don’t have a phone or your phone can’t use the authenticator app, you can use a mobile device like your university iPad. Install the Microsoft Authenticator app on the iPad. You will need to keep the iPad with you at all times to authenticate.

You can also receive verification codes via text or receive a voice call to your cell, home or office line. Instructions on how to set this up can be found HERE.

What other factors can I use to authenticate?

Verification method Description
Phone call Sign into your 0365 account from your computer. A call from Microsoft to your phone asking you to verify that it is you signing in. Press the # key on your phone to complete the verification process.
Text message Sign into your 0365 account from your computer. A text message from Microsoft is sent to a your mobile phone with a 6-digit code. Enter this code to complete the verification process.
Microsoft Authenticator App (Passwordless) Sign into your 0365 account from your computer. Microsoft sends a verification request to your mobile app on your phone asking you to Verify or Approve to complete verification process. This needs to be setup.
Code Generator with Microsoft Authenticator App Sign into your 0365 account from your computer. Microsoft sends a verification request to your mobile app asking for the generated verification code. Code changes every 30 seconds. Use this code to sign into your account.

Getting started

  1. If you will be using the Microsoft Authenticator app, you should download and install the app to your cell or mobile device (iPad) first. Visit the app store for your operating system and download for either Android and iOS devices. Setup instructions can be found HERE. You can also watch a video HERE.
  2. Go to your PC and open this link in your web browser – https://aka.ms/mfasetup. This will prompt you to pick a Microsoft account. Select your Capital email account.                                                         
  3. You will be re-direct to the “Capital Gate” sign in page. Enter your Capital email address or username along with your password and click Sign in.

Follow the instructions in the help document to complete registration of 2FA HERE.

What if I need help?

Contact the IT Help Desk, helpdesk@capital.edu or 614-236-6508. We are here to help if you have questions or a special situation that would require our assistance.

During the Holiday break – Monday, December 20, through Friday, December 31 – the IT Department will be performing system updates for various services outside of our normal maintenance windows. Many of these updates are simple and will just require a server reboot or two and outages will be brief and intermittent. However, there are a few key systems that will require extended outage time. For those services we will communicate the status below.

 
Service Update Status Planned Start Time
Main website Completed Monday 12/20/2021
Skype for Business Completed Evenings of 12/19/2021*
File Share Drives Completed Tuesday 12/21/2021
VPN services Completed Thursday 12/23/2021
Colleague (myCap, Colleague UI, etc.) Completed Wednesday 12/29/2021*
* Starting after 7pm
* May carryover to next day

 

 

This week, IT was made aware that Microsoft recently activated a global security enhancement feature with all O365 email accounts in which they blocked your ability to forward email messages from your internal O365 account (capital.edu) to any of your external accounts such as Gmail or Yahoo. Internal forwarding, from one capital.edu account to another capital.edu was not affected.

Although Microsoft made this global change, they have allowed an option for IT to enable the external forwarding capabilities again, so we have re-enable this feature as of this morning, which should allow you to continue to forward messages from your internal account to any external accounts.

Please note: Since this change was made this morning, you may not have all your email in your personal account, you will have to log in to your Capital mailbox and see what messages you have received over the last few days that did not forward.

 

During the Holiday break the IT Department will be performing system updates for various services outside of our normal maintenance windows. Many of these updates are simple and will just require a server reboot or two and outage will be brief and intermittent. However, there are a few key systems that will require extended outage time. For those services we will communicate the status below.

 
Service Update Status Planned Time Frame
Main website Completed Morning of 12/23/20
Skype for Business Completed Morning of 12/23/20
File Share Drives Completed Morning of 12/24/20
Colleague (myCap, Colleague UI, etc) Completed Evening* of 12/29/20
* Starting at 5pm

 

One other change to happen during the week of the 21st is that the login page for Office 365 will change to the same login page with the “Gate” that you see with MyCap.

Update: This has been completed.

Cloud-based Microsoft applications, including Microsoft Teams, O365 Outlook, Exchange, SharePoint, OneDrive and Azure, went down across the U.S. yesterday.

Users of these services, reported they were unable to login and were presented with a “transient error” message informing them there was a problem signing them in.  These issues appear to have started at around 5:30 p.m. ET, with services not returning to normal for many until 10 p.m. ET.

Two hours after rerouting traffic to “alternative infrastructure,” Microsoft reported improvements in multiple services, however, some of you may still experience sluggishness and degrading service while accessing the 0365 Suite.

The latest update from Microsoft as of 9:25 a.m. reported issues with authentication for its cloud services. The original outage had affected services worldwide, however, as of this morning, it has been isolated to mainly North America and Canada.

The Capital University Department of IT will continue to monitor this situation and update the IT Status Page as we get updated information from Microsoft.

Questions, inquiries or concerns can be directed to the IT Helpdesk, helpdesk@capital.edu or 614-236-6508.

================================================================

Below is the original status update from Microsoft Corporation:

Some users may experience degraded performance while accessing Microsoft 365 services

MO223049, Microsoft 365 suite, Last updated: September 29, 2020 3:15 PM

Start time: September 29, 2020 8:05 AM, End time: September 29, 2020 3:15 PM

Status

False positive

User impact

The investigation is complete and we’ve determined the service is healthy. A service incident did not actually occur.

===============================================================

Title: Some users may experience degraded performance while accessing Microsoft 365 services

User Impact: The investigation is complete and we’ve determined the service is healthy. A service incident did not actually occur.

Final Status: The investigation is complete and we’ve determined the service is healthy. A service incident did not actually occur. This communication will expire in 24 hours.

Current status: Our initial analysis into network infrastructure and components which facilitate admin portal access indicate that the service is healthy. We’re continuing to review service diagnostics to identity impact.

Scope of impact: At this time, initial indications suggest that impact is limited to North America and Canada.

Next update by: Tuesday, September 29, 2020, 3:00 PM (7:00 PM UTC)

=================================================================

Potential issue with Microsoft 365

MO223049, Microsoft 365 suite, Last updated: September 29, 2020 8:37 AM

Start time: September 29, 2020 8:05 AM

Status

Investigating

User impact

Users may be unable to access or experience degraded performance while accessing Microsoft 365 services.

 

 

 

The following document includes detailed instructions on how to import and install a resource mailbox .PST file for those who have a Windows operating system.  Before you begin this process, you must obtain your resource mailbox .PST file from the department of information technology (IT) by sending your request to helpdesk@capital.edu.

Provide the name of your resource mailbox; your department name and who will be the primary administrator for your resource mailbox.  IT will contact you back with a secured location where you can obtain your resource mailbox .PST file.

Once you have your file, you can proceed with implementing the install process utilizing this help document:  Importing a Resource Mailbox For Windows

If at any time you need help with this install process, please feel free to contact the IT Help-desk, helpdesk@capital.edu or 614-236-6508 for further assistance.

Email/Calendar/Contact Files:

Majority of Outlook PST files for faculty and staff, which contains your emails, calendar, and contact information prior to the August 1st service disruption, have been extracted from the old server and placed in a secured file location.  All email PST file names are listed as  Lastname, Firstname”.

If you do not see your PST file listed yet, it is still in the process of being moved to the file location. IT estimates that all PST files should be moved to the file location by tomorrow afternoon.

Department resource mailboxes are still being extracted and IT will work with departments with installing their mailbox PST file to their cloud account.

If you are off campus, you will need to connect to the campus VPN to locate, download and save your PST file to your computer desktop.  Mac and Window PC users should follow the detailed help document instructions below for their operating system:

Upon downloading your PST file to your desktop, please disconnect from the campus VPN immediately. Please be aware that while your PST file is being pushed to the cloud, your email account and Skype client will not be usable during that time.  

*Important Tips:

Downloading/Installing from off campus:  Please be aware that this process off campus could take several hours depending on your internet speed, size of your PST file, and the number of users that are utilizing the campus VPN simultaneously.

It is recommended that you try to connect to the campus VPN to download your PST file to your desktop after regular work hours.

Downloading/Installing from Campus: The faster method would be to come directly to the Capital campus to utilize the 10G internet speed.  If you chose to come to the campus, please coordinate and communicate your campus visit with your supervisor so that as few people as possible are in shared spaces.

While the end result is that you will be moving your email PST files to your O365 account, you will be using the Outlook program to do so. The instructions provided (Mac or Windows) will help you remove your old Outlook account and create a new account so that it connects to your new O365 account in the cloud.

When everything is complete, you will be able to use email either in the cloud or with the Outlook program. Once your PST file has been installed to your cloud account, you may need to recreate some of your email filters, rules and/or alerts that you previously had.

If you need help with your PST install, please send a request to helpdesk@capital.edu for a desktop remote session.

 

8/10/20

The Department of Information Technology is working diligently to establish full functionality to the institution’s email and telephone infrastructure due to a virus attack.

As of today, all faculty and staff have new Office 365 email accounts in the cloud which can be accessed online for now at https://outlook.com/capital.edu. We will be working with the campus soon in sending out information on how to setup and access your email message through the Microsoft Office program on your computer.

 

We have released and redirected all inbound email messages to your cloud account which was previously stored on our Barracuda spam server as of Friday, August 7th.

Below are our next implementation steps this week for your awareness.  Please be advise that this process is complicated and timely and we appreciate your continued patience as we work out the kinks to establish a successful email work flow.

  • PST Files: A PST file is a personal storage table that stores copies of messages, addresses, attachments, calendar events, contact cards and other personal information used in Microsoft Outlook and/or Microsoft Exchange. Your old PST file will hold information prior to the email outage. IT technicians are currently working on extracting and moving all faculty/staff PST files to your email account in the cloud this week.  This is a new procedure that will need to be tested and vetted prior to full implementation, so we appreciate once again, your patience and understanding as we diligently work out the kinks to this process. We will keep you updated as we get closer to implementation.
  • Resource Mailboxes: Now that the email system is officially migrating to the cloud, setup for resource mailboxes will need to be recreated for cloud usage and accessibility. This is due to the way Microsoft currently configures resource mailboxes to run on their servers in their data centers in the cloud. If you had a resource mailbox that you would like for us to recreate and setup in the cloud with permissions, we kindly ask that you submit a request immediately to helpdesk@capital.edu. When sending your request, we ask that you give us the following information:
    • Name of mailbox(es) you need created;
    • Name of all personnel who needs access to it;
    • Info for a primary contact person (prefer cell phone) so that we can work with that person to ensure the mailbox has been created properly and functioning correctly
  • Distribution Groups: A distribution list allows a user to maintain a list of email addresses and send messages to all of them at once. There are two types of distribution lists—static and dynamic:
    • Static: Members of a static distribution list are added and removed manually by the group administrator(s). During the migration process from on premises to cloud, static distribution lists should not need any reconfiguration or changes. However, we ask that you test your list to see if you get a bounce back message and seek assistance with any issues by contacting helpdesk@capital.edu.
    • Dynamic: Dynamic distribution groups are mail enabled active directory group objects that contains a list of users based on a filter/criteria and the number of users can change automatically at any time based on the filter/criteria. Dynamic lists are best for emailing a list of contacts within the organization such as specific majors, minors, alumni or employees.

If you had a dynamic distribution list, you will need to contact IT, helpdesk@capital.edu to have it recreated and deployed to the cloud.  Please provide the following information:

    • Name of your group;
    • Name of primary contact person (prefer cell phone) so that we can work with that person to ensure mailbox has been created properly and functioning correctly;
    • Contact IT if you are unsure of whether your group is static or dynamic

We apologize for the inconvenience and thank you for your patience.  Please forward any questions, inquiries or concerns to helpdesk@capital.edu and one of our IT professionals will connect with you.

 

8/5/20

We have upgraded and converted Capital’s on-premise email system to the cloud and created new Microsoft Office365 email accounts for all Capital faculty and staff!

You can access your new email account online at: https://outlook.com/capital.edu and login with your Capital username and password. Upon entering your new account, you will notice that you will not have your previous messages, files, documents and folders yet.

As we continue the conversation process, we will begin migrating all email account information that is currently being stored on our Barracuda spam server, to the mailboxes in the cloud. You do not have to do anything and you will automatically start seeing your emails appear in your inbox.

Email messages can be sent out internally, as well as to external email platforms such as gmail, yahoo, however, you will not be able to receive any incoming external email reply messages at this moment. We are currently working on resolving this.

We are continuously working on resource mailboxes and voicemail to email functionality. For those who are in departments that had access and permissions to specific resource mailboxes, these will need to be setup again.  Please email helpdesk@capital.edu for such requests, along with the name(s) of the resource mailbox needed.

We will send out instructions on how to setup Outlook computer software to your Office365 mailbox at a later time, as we are still working on the back end processes of the email system conversion from on-premise to the cloud system.

We thank you for your patience as we work to improve and enhance Capital’s unified communication platform.  Questions and inquiries can be directed to helpdesk@capital.edu.

 

8/4/20

Information Technology is currently working to restore full functionality to Capital’s email system and the Law School webpage this week after a virus attack. Please be assured that all email messages and file system databases are safe and secure as this is our top priority.

Faculty and staff accounts are not able to receive or send emails at this time. Student accounts are still accessible via 0365 and can send email messages to other external email platforms such as gmail, yahoo, however, they cannot receive any incoming email messages. Our spam server, Barracuda, scans all incoming email messages for spam and once cleared, delivers messages to student accounts up in the cloud.

Messages received from outside the university are currently being kept and stored on our Barracuda email protection system server. Those messages will be delivered to all faculty, staff and students once the email system has been repaired and restored.

As part of the email system resolution plan, O365 email accounts for faculty and staff will be created and moved up to the cloud. Faculty and staff O365 accounts will not have any current email messages, files and other archived content until IT migrates this information from the current email system into the cloud. This is a very large project with a short timeframe for implementation, so we ask for your understanding and patience.

Capital phones are working, but because the email service also handles voicemail, this function is not available. Busy signals are normal, as we are seeing a high call volume to certain lines. Departments with specific voicemail and telephone forwarding needs should email helpdesk@capital.edu for assistance.  Our telephone support team will contact you.

We understand the inconvenience this has caused everyone; however, we feel the final results will be very beneficial.  Again, thank you for your patience and understanding.

 

8/2/20

Work is still being done on the email exchange server this morning. Email is not accessible at this time.

 

8/1/2020 9:30am

We are experiencing technical issues with our Exchange server email system this morning.  This affects all faculty and staff accessing email.  We currently do not have an estimated time of resolution to the issue and are working with consultants to resolve the issue as soon as possible.

During the week of December 23rd the IT Department will be performing system updates for various services outside of our normal maintenance windows. Many of these updates are simple and will just require a server reboot or two and the outage will be brief and intermittent. However, there are a few key systems that will require extended outage time. For those services we will communicate the status below.

 
Service Update Status Planned Time Frame
EMail Completed Morning of 12/26/19
Colleague (Webadvisor, Colleague UI, etc) Completed Morning of 12/26/19
Skype for Business Completed Morning of 12/24/19
File Share Drives Completed Morning of 12/24/19

There is a growing number of SPAM messages being received that have very little to say other than someone shared an encrypted document via Microsoft Sharepoint, OneDrive, or some other document sharing service. Unfortunately, there is not much in these messages to be able to create a custom block rule that will not also block legitimate email. I.T. would like to share some tips to help identify these (and other) suspicious emails. Please see a picture of the email at the bottom of this post.

  • Be wary of any email asking you to open any attachment from someone or a company you do not know.
  • If the document is important then you should either be expecting it or the sender will tell you more about it in the email.
  • Try to contact the sender directly by phone (not by email), if it is a legitimate sender then they would want you to contact them and should provide proper contact details. It is the spammers and hackers that do not want you to contact the people they impersonate.
  • Legit senders usually call you by your name, they do not use generic salutations such as “Dear valued member,” “Dear account holder,” “Dear customer” or nothing at all as seen in this example.
  • Don’t just check the sender’s first and last name but also look at their email address as you can learn a whole lot. If they list the email is from a company then it would stand to reason that they will use the company’s email system. Note: some devices, such as cell phones with limited screen space, may not show the email address and the name, so if in doubt, check from another device before opening attachments or clicking on any links that you are unsure of the sender. As you can see in the example below the signature text at the bottom of the email says:

    Kristen Hartle PhD
    Director Of Advancement Research
    Weber State University

    and the email address was:

    Kristen Hartle <info@eatio.pk>

    While the first and last names in the email address and the signature text match why is the email address info@eatio.pk? Also, the pk in the email address is the country code for Pakistan (most areas outside of the US use country codes and not .com on thier domain names).

  • Furthermore, the email signature text says the sender is from Weber State University which a quick Google check shows is in Utah and their website is weber.edu – that is not at all like the email address of info@eatio.pk. Also, if they are in Utah then why does the email list an address in Lawrence KS? BTW: Google lists that address as being part of Kansas University (ku.edu). The spammer did not cleanup the spam that he stole from another spammer :).
  • For any link to visit a webpage or to download a document, like the example shows, the best tip is to compare the link’s info with other info that we know. Hover your mouse over (do not click) the download/view button and a pop-up will list where the document exists. In this example you can see it is coming from https://docs.google.com when the message says it is from Microsoft Sharepoint.
  • If you suspect an email is not valid or is suspicious, please forward the email in question to abuse@capital.edu.

If you have any questions, feel free to contact the CapIT Help Desk at: helpdesk@capital.edu

Example of the suspicious email: