MMFA Quick Guide
Get fast answers to Microsoft's Multi-factor Authentication, including how to setup your preferences. *Note: the app will perform the best while working off-campus.
The purpose of this policy is to establish the requirement to protect the university and its employees from damage related to account compromises by requiring an additional layer of authentication known as multi-factor authentication.
A few months ago, 3rd party companies started to report their single sign-on credentials were being stolen in phishing attacks and being used by attackers to compromise sensitive data stored in 3rd party companies' applications.
For more information, please see UNC's Multi-factor Authentication Policy.
Visit our Traveling Abroad page to ensure your MMFA settings won't interfere with your ability to access UNC accounts.
What is Microsoft's Multi-factor Authentication?
Microsoft Multi-factor Authentication (MMFA) helps safeguard access to UNC data and applications while maintaining simplicity for users. It provides additional security by requiring a second form of authentication when users are off campus.
The security of UNC's system requires a two-step login process. By using multiple authentication factors, the MMFA presents a significant challenge for attackers. Even if an attacker manages to learn the user's password, it is useless without also having possession of the additional authentication method. It works by requiring two or more authentication methods.
Who will this impact?
This policy applies to all faculty and staff as well as any third party or contractor that is issued a university credential. This is in support of University Regulation Article 9 Part1: Information Technology Security Plan.
What to expect?
When you try to access Outlook or Slate, while not connected to the UNC administrative network, you will be prompted to authenticate with a second factor.
Depending on how you choose to set this up, the multi-factor system will call or text your phone with a code, ask for a code from your authentication application, or simply prompt you with an allow or deny from the authentication application.
The app authentication takes a couple of steps to setup. BUT, once it's done, authentication will be a simple button click on your phone.
IM&T recommends this option. This will make authentication simple and easy!
The call authentication requires a phone number to set up - simple, right? Every time you need to authenticate your identity, you will be required to wait for Microsoft's call to your phone.
The text/sms authentication also requires a phone number to set up. BUT, every time you need to authenticate your identity, you will be required to wait for Microsoft's code. Text/SMS messaging is not guaranteed and delivery time of the message depends on your wireless carrier and cell phone coverage. This option is not recommended due to the wait time concerns. IM&T only recommends the Text/SMS Authentication when there is no access to a smart phone and the Authenticator Applications.
You can set up your preferred method of multi-factor by accessing the Multi-factor Setup Portal.
Need help? Check out the MMFA Quick Guide to assist you through the process.
You will be able to exempt your device for up to 60 days before being prompted to use your second factor again. Use the Microsoft Authenticator application on your mobile device and use the “Notify me through app” option. This will walk you through downloading and installing the application and whenever you need to use the multi-factor authentication it will just send a prompt to your phone.
If you do not wish to use the Microsoft Authenticator application, you are welcome to use any of the other options.
Do NOT use your office number as your second authentication factor for access. If you are on the UNC networks, you will not need to use a second authentication factor.
If you get a multi-factor prompt from the application, but you are not trying to login, click the Deny button and report the attempt to firstname.lastname@example.org. It means that someone has your logon credentials.