Drexel Multi-Factor Authentication
Setup Tips
While Multi-Factor Authentication (MFA) works with multiple device types, we recommend using your smartphone for secondary authentication codes.
Supported Devices and Software
Instead of your device's built-in mail app, use the Outlook mobile app.
MFA on an Apple device is only supported on iOS version 11+ or macOS version 12. Once MFA is enabled on these devices, you will need to remove and re-add your account to be able to authenticate against the Office 365 servers:
Set Up Email in iOS Mail
Set Up Email in Outlook for Android
1. Register at least two methods
It is important to have at least two devices enrolled in MFA to prevent difficulty authenticating if there is a problem with your first method (i.e. you or your device deleted the Microsoft Authenticator App). For instance, if you have both your mobile phone and office phone enrolled, you can still authenticate from your office if you accidentally leave your mobile phone at home. If you delete the App but have your phone, you can still receive texted verification codes if you set up that secondary method.
2. Select a default device and authentication method
- Sign in to portal.office.com.
- Click on your user profile icon in the upper right corner.
- Click on My account.
- Click on Security & privacy.
- Click on Update your phone numbers used for account security.
- On what's your preferred option? Choose an option in the drop-down.
- On how would you like to respond?:
- Authenticator App (Recommended): This is where you can configure the Microsoft Authenticator app.
- Authentication phone: This can be a mobile device (that can accept calls or text) or landline phone.
- Click on Save when you are ready to save your changes.
3. Test devices once enrolled
If you enrolled a smartphone or tablet, you can test your device(s) to make sure that the enrollment has been successful.
- Go to the portal.office.com site.
- If the authentication is successful, then your enrollment has been completed properly for that device. Repeat the test authentication for each enrolled device.
For more information and Frequently-Asked Questions regarding Multi-Factor Authentication, see this FAQ on Microsoft's Web site.
Frequently-Asked Questions
MFA is security method that ensures that only you can log into your account. It does this by requiring at least 2 methods of authentication – your password and another piece of information (Microsoft Authenticator App, Text message code or a phone call.)
You log into your account with your Drexel username and password.
You will then get a notification via the method you selected during set up (a mobile app verification, text, or phone call) to verify it is you logging into your account.
Initially you will be prompted on all devices for each Microsoft Office application. Sometimes you can select “Don’t ask again for 60 days” or until you change your password.
Method |
Process
|
Notes
|
Notify me via the App
|
Uses Microsoft Authenticator app to push notifications
|
Recommended option for default method. You only need to select "Approve"
|
Use Verification code from the App
|
Uses Microsoft Authenticator app to retrieve code
|
Good option if you are traveling where you may not have cell service
|
Text a code to my mobile phone
|
Text message to mobile phone
|
Text messages charges may apply
|
Call my phone
|
Automated phone message to selected phone
|
Voice minutes may be used
|
Call my alternative phone
|
Set your office or home phone a backup method
|
This can be a landline or secondary mobile phone
|
When prompted to log in, there is a link to "Sign in another way". Depending on how you have set up MFA you can choose an alternative method you've setup:
- Approve request or use a verification code from Microsoft Authenticator app
- Receive a text message with a code
- Phone call to your mobile phone (only available if you have added another number in MFA)
- Phone call to an alternate phone (only available if you have added another number in MFA)
If you did not receive a verification code, then:
- If you are using your browser, DO NOT REFRESH the page and DO NOT PRESS THE "Back" BUTTON. Doing so might corrupt MFA. Wait a few minutes to see if verification comes through, or contact the IT Help Desk at 215.895.2020.
- If you are accessing Drexel Connect through an app, wait a few minutes or try refreshing the app.
You will lose access to authentication codes sent there, and thus the App as an MFA method. If the App was your only method of MFA, you will not be able to access your MFA Drexel accounts until your MFA registration has been reset and set up again. To prevent getting locked out of your accounts, keep the App on your device and setup a second MFA method.
Note: Some devices have been set by users to delete unused/inactive apps after a select period of time. If your device is set up this way, turn off this setting to prevent deletion of the Microsoft Authenticator App, which might fall into the "unused" category if you checked the box for MFA to remember you for 60 days.
The Microsoft Authenticator app is recommended and supported by Drexel IT. There are a variety of "authenticator" apps (e.g., Google Authenticator) that can work. The other apps do not provide the same functionality with Office 365.
We recommend using the Microsoft Authenticator App if you travel or need to access your Drexel account while out of the country.
The app does a push notification (a pop up on your phone you approve to verify that it is you logging in). It also generates a code every 30 seconds if the push notification is not available. The code does not require you to be on the internet or connected to data, so you do not need phone service to sign in.
Apple iOS - MS Outlook app recommended (requires iOS 11.0 or later), native Mail client (requires iOS 11.0 or later)*
Android - MS Outlook app recommended (requires Android 4.4 or later), native Mail client (depends on your manufacturer)
Windows - Outlook 2016 is the only Outlook version that supports Multi‐Factor Authentication. If you have a Drexel‐owned machine you can install it by going to Software Center. For personally owned devices, install the latest Office version (for free) by going to https://portal.office.com and sign in your Drexel account.
Apple - You must be running High Sierra or above in order to use Microsoft Outlook 2016 or the native Apple Mail client.
*If you had previously manually configured your Drexel account or has just upgraded to iOS 11.x, you will need to delete and re-add your Drexel account.
Apple iOS - Native Mail clients prior to iOS 11
Android - Some native Mail client (depends on your manufacturer), Nine
Windows - Outlook 2013 or earlier, Thunderbird
Apple - Office for Mac prior to 2016 version, the native Apple Mail client with Sierra or earlier, Thunderbird
After you update, or if you already have a supported OS, you may need to REMOVE your Drexel Account and re-add it in order to continue to retrieve messages. To remove the account, go to System Preferences > Internet Accounts > select the Drexel account and hit the minus sign ( ‐ ). Wait a few moments, click the plus (+) and select Exchange.
The "Don't ask again" feature for Multi-Factor Authentication should remember your selection for 60 days, as long as you don't clear your browser cookies. However, some settings might interfere with this feature, and cause it to lose your selection (and thus prompt you for your second factor every time you sign in).
Private Browsing Modes
Are you using an Incognito Window (Chrome) or Private Window (Firefox)? These modes are designed to forget what you do while you’re browsing. Also, separate user profiles won't remember settings from other profiles.
Browser Privacy Settings
Your browser won't remember "Don't ask again" selections if your privacy settings are too strict. Note that the cookie comes from the site https://*.microsoftonline.com, so even if you allow cookies from "sites you've visited," it may be blocking this cookie.
Google Chrome:
- You should be able to "Open your Preferences," click the "Show Advanced Settings" link at bottom, look for the "Privacy" section, click the "Content Settings" button.
- The easiest option is to check "Allow local data to be set." However, if you would like a stricter privacy option, you can choose to add an exception for https://*.microsoftonline.com. Here's a Chrome article about cookies.
Mozilla Firefox:
- Go to "Preferences" > "Privacy."
- In the "Privacy" section, set it to "Firefox Will... Remember History," or if you want to "Use Custom Settings for History," make sure "Remember Cookies" is checked. Here's a Firefox help article about cookies.
macOS Safari:
- Go to Safari "Preferences" > "Privacy" and click "Always Allow." Note: Safari 12 for macOS 10.12 or later does not allow setting exceptions for third-party cookies.
Browser Extensions
Browser extensions you might be using can interfere with the “Don’t ask again” feature. You can temporarily disable an extension to see if that resolves the issue. Here are some we found that interfere:
- VisualPing
- Browser extensions that block cookies (such as ad blocking or privacy plugins)