For Users with Phone or Text 2FA set up:
Microsoft Authenticator is much more secure and far less likely to be circumvented by hackers than Phone or Text MFA methods. Contact the helpdesk if you are currently using Phone or Text so they can help you move over to Microsoft's Authenticator.
- When 2FA is activated, you will receive either a phone call or a text message (SMS) requesting that you approve the MFA request.
- A common attack technique is to repeatedly submit MFA requests to a user in the hope that they will get irritated and accept one. Multiple requests in a short period are likely malicious.
- If you did NOT just attempt to access company resources, the MFA request is likely illegitimate. Contact the Helpdesk by phone at (650) 935-4838 or by email ([email protected]) for help with changing your password and stopping the MFA requests.
MFA with Microsoft Authenticator
By default, when Microsoft MFA is activated, the application displays a number and sends a push verification to the MS MFA app on the enrolled user's device. The user has the option to Approve or Reject the request.
Approving the request will complete the login.
__________________________________________________________________________
If you receive an MFA request when you are not actively attempting a login to corporate resources, do NOT tap Approve. Tap NO, IT'S NOT ME to keep your account secure.
MFA logon requests are not always an indicator of a compromised password; it might be a stale session trying to re-authenticate from one of your existing connections, but it is much better to be safe than sorry. When you click Deny, the MFA app will ask if you want to Dismiss the request or report it as Fraud.
- Tapping "Dismiss" will reject the request but allow future requests to come in. If you receive an MFA verification request you did not initiate, perform the following:
  - Check whether an authentication request you did not notice is waiting in a minimized window or on your mobile device, where an existing session may be trying to refresh.
  - If you cannot track the request back to something you are doing, your password needs to be changed.
- Tapping "Report" will disable your account and alert IT Security to investigate for malicious activity.
  - Use "Report" when you are receiving multiple unsolicited MFA requests over a short period and need immediate assistance resetting your password.