Microsoft Authenticator Setup

Download a PDF version of this setup by clicking HERE

Download a Word Document of this setup by clicking HERE

Prefer to watch a video? Get to step 7 first, then visit this link.

What is two-factor authentication?

Two-factor authentication (2FA), sometimes referred to as two-step verification or dual-factor authentication, is a security process in which users provide two different authentication factors to verify themselves.

The first factor will primarily be a computer/laptop and the second factor can be your phone, a verbal call or a text message. Two-factor makes it harder for criminals to break into your account. If you only use a password to authenticate and the password is weak or has been exposed elsewhere, it leaves an insecure avenue for attacks or fraudulent entry.

When you require a second form of ID, security is increased because this additional factor isn’t something that’s easy for an attacker to obtain or duplicate.

How does authentication work?

When you sign into your O365 account, you will receive a prompt for ID verification using one of the following authentication methods:

  • Something you know, typically a password
  • Something you have, such as a trusted device like a phone
  • Something you are, such as biometrics like a fingerprint

You can authenticate your second factor in several ways; however, we strongly encourage you to use the Microsoft Authenticator app if your phone is able to use it. It is the fastest verification option, allowing you to just tap Approve on your phone, and it adds an extra layer of security.

The Microsoft Authenticator app will function and generate new codes every 30 seconds even when you don’t have cellular coverage.

Can two factor be hacked?

Although it is possible for two-factor authentication to be hacked, the odds are very low and 2FA is certainly the best practice when it comes to keeping accounts and systems secure.

One way two-factor authentication could be hacked happens through the SMS method or, in other words, the method by which a one-time use code is sent to a user’s phone number via SMS or an automated phone call.

This is why we recommend using the Microsoft Authenticator app because it adds extra security and codes are contained within the app.

There have been stories of hackers tricking mobile phone carriers into transferring someone else’s phone number to their own phone. The hackers contact the carriers pretending to be their victims, requesting a new SIM with the victim’s number. They then have access to any authentication code sent to that phone number. Called SIM swapping, this is probably the most common way of getting around 2FA.

But carriers’ own security processes are improving, and even acknowledging those risks, 2FA remains a strong and essential tool in the fight against cyber-attacks and identity fraud.

Pre-Requisite

In order to use multi-factor authentication with your Capital account, you will need to ensure the following pre-requisites are met:

  • You have a phone that can receive SMS texts and/or download the Microsoft Authenticator app
  • Have a computer with Office 2016 (or higher) installed
  • Internet access to complete the setup

What if I don’t own a phone or my phone doesn’t work with the app?

If you don’t have a phone or your phone can’t use the authenticator app, you can use a mobile device like your university iPad. Install the Microsoft Authenticator app on the iPad. You will need to keep the iPad with you at all times to authenticate.

You can also receive verification codes via text or receive a voice call to your cell, home or office line. Instructions on how to set this up can be found HERE.

What other factors can I use to authenticate?

| Verification method | Description |
| --- | --- |
| Phone call | Sign into your O365 account from your computer. Microsoft calls your phone and asks you to verify that it is you signing in. Press the # key on your phone to complete the verification process. |
| Text message | Sign into your O365 account from your computer. A text message from Microsoft is sent to your mobile phone with a 6-digit code. Enter this code to complete the verification process. |
| Microsoft Authenticator App (Passwordless) | Sign into your O365 account from your computer. Microsoft sends a verification request to the mobile app on your phone asking you to Verify or Approve to complete the verification process. This needs to be set up. |
| Code Generator with Microsoft Authenticator App | Sign into your O365 account from your computer. Microsoft sends a verification request to your mobile app asking for the generated verification code. The code changes every 30 seconds. Use this code to sign into your account. |

Getting started

  1. If you will be using the Microsoft Authenticator app, you should download and install the app to your cell or mobile device (iPad) first. Visit the app store for your operating system and download the app for either Android or iOS devices. Setup instructions can be found HERE. You can also watch a video HERE.
  2. Go to your PC and open this link in your web browser – https://aka.ms/mfasetup. This will prompt you to pick a Microsoft account. Select your Capital email account.
  3. You will be redirected to the “Capital Gate” sign-in page. Enter your Capital email address or username along with your password and click Sign in.

Follow the instructions in the help document to complete registration of 2FA HERE.

What if I need help?

Contact the IT Help Desk, helpdesk@capital.edu or 614-236-6508. We are here to help if you have questions or a special situation that would require our assistance.

During the Holiday break – Monday, December 20, through Friday, December 31 – the IT Department will be performing system updates for various services outside of our normal maintenance windows. Many of these updates are simple and will just require a server reboot or two and outages will be brief and intermittent. However, there are a few key systems that will require extended outage time. For those services we will communicate the status below.

 
| Service | Update Status | Planned Start Time |
| --- | --- | --- |
| Main website | Completed | Monday 12/20/2021 |
| Skype for Business | Completed | Evenings of 12/19/2021* |
| File Share Drives | Completed | Tuesday 12/21/2021 |
| VPN services | Completed | Thursday 12/23/2021 |
| Colleague (myCap, Colleague UI, etc.) | Completed | Wednesday 12/29/2021* |
* Starting after 7pm
* May carryover to next day

 

 

What is Two Factor (2FA)?

Two-Factor Authentication (2FA) is used to strengthen the security of user accounts and University business systems that hold sensitive information. It adds another layer of online protection from damaging cyber criminal attacks that cost organizations millions.

As part of this initiative, effective July 12th, 2021, all Windows PC Users will be required to use 2FA when accessing University business systems and resources via VPN (virtual private network). Macintosh Users are currently using 2FA.

Why Two Factor?

We are all used to having one layer of security to protect our account, which is our password. However, passwords aren’t enough to protect the University or you against cyber criminals who desire to gain access to resources using compromised credentials.

The goal of 2FA is to provide a higher degree of identity assurance of a user accessing University resources via VPN.  If cyber criminals obtain your username and password, they will still need access to your phone and/or a passcode to get into your account.

Having a second form of identification greatly decreases the chance of a criminal using compromised credentials to gain access to devices or sensitive information or to commit fraud, and it helps build secure online relationships.

How Does 2FA Work?

You will need to download and install the Microsoft Authenticator App on your phone and configure it to work with your work PC. Detailed step by step instructions can be found below.

Once configured, you will need to use 2FA any time you log into the University’s VPN. You will need to enter your Capital username and password as well as authenticate through your phone. You will be required to use two different sources (factors) to verify your identity:

  • Something you know:  your Capital credentials (username and/or password), and
  • Something you have:  a phone and/or passcode

What If I Don’t Own a Cell Phone?

Please contact the IT Helpdesk, helpdesk@capital.edu or 614-236-6508 to have a ticket created and assigned to our network team. We will work with you directly for a resolution.

Can I Use VPN on my iPad or Other Mobile Device?

At this time, we are only recommending 2FA for your work PC. We will notify you once we are ready to roll out and support 2FA for mobile devices and the iPad.

Need Help? Have A Question or Concern?

If you have questions, concerns or need technical assistance, please contact the IT Helpdesk, helpdesk@capital.edu or 614-236-6508.

===========================================

If you would like to download a PDF copy of these instructions so that you can click on the embedded links in the documentation, please click here.

Microsoft Authenticator Setup

This week, IT was made aware that Microsoft recently activated a global security enhancement feature with all O365 email accounts in which they blocked your ability to forward email messages from your internal O365 account (capital.edu) to any of your external accounts such as Gmail or Yahoo. Internal forwarding, from one capital.edu account to another capital.edu was not affected.

Although Microsoft made this global change, they have allowed an option for IT to enable the external forwarding capabilities again, so we have re-enabled this feature as of this morning, which should allow you to continue to forward messages from your internal account to any external accounts.

Please note: Since this change was made this morning, you may not have all your email in your personal account. You will have to log in to your Capital mailbox and see what messages you have received over the last few days that did not forward.

 

During the Holiday break the IT Department will be performing system updates for various services outside of our normal maintenance windows. Many of these updates are simple and will just require a server reboot or two and outage will be brief and intermittent. However, there are a few key systems that will require extended outage time. For those services we will communicate the status below.

 
| Service | Update Status | Planned Time Frame |
| --- | --- | --- |
| Main website | Completed | Morning of 12/23/20 |
| Skype for Business | Completed | Morning of 12/23/20 |
| File Share Drives | Completed | Morning of 12/24/20 |
| Colleague (myCap, Colleague UI, etc) | Completed | Evening* of 12/29/20 |
* Starting at 5pm

 

One other change to happen during the week of the 21st is that the login page for Office 365 will change to the same login page with the “Gate” that you see with MyCap.

Update: This has been completed.

Update:

The Lenel door access control issues from this morning have been resolved. The department of Information Technology had to do a system restore and we will continue to monitor the access control system very closely over the next 24 hours to address any functionality complications. If you encounter any problems accessing any campus buildings, please reach out to the IT helpdesk, 614-236-6508 or helpdesk@capital.edu so that we can help.

Thank you again for your patience and understanding. Have a great day!


The department of Information Technology would like to report that the Lenel door access control system experienced an anomaly this morning that is currently hindering some card readers and ID card functionality on campus. The main symptom that some of you may experience is your ID card not being read correctly by some card readers on the buildings which will prevent you from accessing the building.

We are currently investigating and working closely with our third party support to resolve this issue as quickly as we can. We apologize for the inconvenience and appreciate your patience and understanding as we work through the problem. We will update the campus with more information soon. You can contact the IT Help Desk, helpdesk@capital.edu or 614-236-6508 for periodic updates or to put in a ticket.

Thank you.

During the week of December 23rd the IT Department will be performing system updates for various services outside of our normal maintenance windows. Many of these updates are simple and will just require a server reboot or two and the outage will be brief and intermittent. However, there are a few key systems that will require extended outage time. For those services we will communicate the status below.

 
| Service | Update Status | Planned Time Frame |
| --- | --- | --- |
| EMail | Completed | Morning of 12/26/19 |
| Colleague (Webadvisor, Colleague UI, etc) | Completed | Morning of 12/26/19 |
| Skype for Business | Completed | Morning of 12/24/19 |
| File Share Drives | Completed | Morning of 12/24/19 |

There is a growing number of SPAM messages being received that have very little to say other than someone shared an encrypted document via Microsoft Sharepoint, OneDrive, or some other document sharing service. Unfortunately, there is not much in these messages to be able to create a custom block rule that will not also block legitimate email. I.T. would like to share some tips to help identify these (and other) suspicious emails. Please see a picture of the email at the bottom of this post.

  • Be wary of any email asking you to open any attachment from someone or a company you do not know.
  • If the document is important then you should either be expecting it or the sender will tell you more about it in the email.
  • Try to contact the sender directly by phone (not by email). If it is a legitimate sender, they would want you to contact them and should provide proper contact details. It is the spammers and hackers that do not want you to contact the people they impersonate.
  • Legitimate senders usually call you by your name. They do not use generic salutations such as “Dear valued member,” “Dear account holder,” “Dear customer” or nothing at all, as seen in this example.
  • Don’t just check the sender’s first and last name; also look at their email address, as you can learn a lot from it. If the email claims to be from a company, it stands to reason that the sender would use the company’s email system. Note: some devices, such as cell phones with limited screen space, may not show both the email address and the name, so if in doubt about the sender, check from another device before opening attachments or clicking on any links. As you can see in the example below, the signature text at the bottom of the email says:

    Kristen Hartle PhD
    Director Of Advancement Research
    Weber State University

    and the email address was:

    Kristen Hartle <info@eatio.pk>

    While the first and last names in the email address and the signature text match, why is the email address info@eatio.pk? Also, the pk in the email address is the country code for Pakistan (most areas outside of the US use country codes and not .com on their domain names).

  • Furthermore, the email signature text says the sender is from Weber State University, which a quick Google check shows is in Utah, and their website is weber.edu – that is not at all like the email address of info@eatio.pk. Also, if they are in Utah then why does the email list an address in Lawrence KS? BTW: Google lists that address as being part of Kansas University (ku.edu). The spammer did not clean up the spam that he stole from another spammer :).
  • For any link to visit a webpage or to download a document, like the example shows, the best tip is to compare the link’s info with other info that we know. Hover your mouse over (do not click) the download/view button and a pop-up will list where the document exists. In this example you can see it is coming from https://docs.google.com when the message says it is from Microsoft Sharepoint.
  • If you suspect an email is not valid or is suspicious, please forward the email in question to abuse@capital.edu.
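The two mismatch checks from the tips above (sender address versus the organization in the signature, and the real link target versus the service named in the message), as an added triage sketch that is not part of the original post. The sample message is constructed from the details quoted in this post, and the lookup tables and function names are illustrative assumptions.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Analyst-maintained lookups (illustrative assumptions; extend for your own mail flow).
ORG_DOMAINS = {"weber state university": "weber.edu"}
SERVICE_HOSTS = {"sharepoint": ("sharepoint.com",), "onedrive": ("onedrive.live.com", "1drv.ms")}
# Constructed sample built from the sender, signature and link host described in the post.
SAMPLE = """From: Kristen Hartle <info@eatio.pk>
Subject: Shared document
Content-Type: text/html

<p>Kristen Hartle shared an encrypted document with you via Microsoft Sharepoint.</p>
<p><a href="https://docs.google.com/">View document</a></p>
<p>Kristen Hartle PhD<br>Director Of Advancement Research<br>Weber State University</p>
"""

class LinkCollector(HTMLParser):
    """Collects the real link targets, i.e. what the hover pop-up would show."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href and urlsplit(href).scheme in ("http", "https"):
            self.hosts.append((urlsplit(href).hostname or "").lower())

def host_matches(host, domain):
    return host == domain or host.endswith("." + domain)

def review(raw_message):
    """Return a list of human-readable mismatches found in a single-part message."""
    msg = message_from_string(raw_message)
    body = msg.get_payload()
    text = body.lower()
    findings = []
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for org, domain in ORG_DOMAINS.items():
        if org in text and not host_matches(sender_domain, domain):
            findings.append(f"signature claims {org} ({domain}) but sender is {sender_domain}")
    links = LinkCollector()
    links.feed(body)
    for service, allowed in SERVICE_HOSTS.items():
        bad = [h for h in links.hosts if not any(host_matches(h, d) for d in allowed)]
        if service in text and bad:
            findings.append(f"message mentions {service} but links go to {', '.join(bad)}")
    return findings
```

Calling `review(SAMPLE)` returns both mismatches; a finding is a reason to verify the sender by phone or forward the message to abuse@capital.edu, not proof on its own.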

If you have any questions, feel free to contact the CapIT Help Desk at: helpdesk@capital.edu

Example of the suspicious email: