The Guide To MFA

1. INTRO TO MFA

What MFA is, how it protects you, and what the process involves.

2. PREPPING FOR MFA

Things you should know about MFA and steps to complete ahead of time.

3. FINISH YOUR MFA

On your activation date, follow these steps to complete your setup

4. IMPORTANT TIPS

Things to know after you complete your MFA setup, plus everyday tips

Helpful tip: We've detected you are on a smartphone. You can continue reading, but some instructions will require you to follow a few steps on your smartphone. We recommend you open this page on a computer.

Introduction to Multi Factor Authentication Circle

Introduction to MFA

With the help of SWAT Systems, your employer has opted to activate a new security feature on all Microsoft 365 user accounts. Use this guide to learn what MFA is, how it will be used and what you need to do as part of the activation process.

What Does MFA Mean?

Multifactor authentication, or MFA, sounds like a complex system that the FBI or CIA might use. It's actually very easy to understand. In general, credentials fall into one of three categories: something you know (a password, a PIN number), something you posses (a smart card, a smartphone app), or something you are (your fingerprint, your face).

Up until now, you have used one type of credential to gain access into your Microsoft 365 account: your password. MFA is a security enhancement that, when activated, increases the requirement to two types of credentials. The key to MFA's security enhancement is that your two credentials must come from two different categories. (e.g. Entering two different passwords does not count.)

MFA Two Factor Authentication

With MFA activated, over 90 percent of our clients have found it simple and easy to use on a regular basis. Here's what it looks like: When you go to sign in with your Microsoft 365 email and password, an additional window will ask you to provide one more credential. You take 5-10 seconds to enter a special code or push a button on an app...and you're done!

Frequently Asked Questions

Here is a list of  the most frequently asked questions we have from our users at this point of the MFA process.

Can I Decline to Receive MFA?

The short answer is no. We understand that adding new steps to a familiar routine can seem inconvenient. However, we frequently hear from users that MFA was "not really a big deal" or "a major change." In fact, the most complex part might be reading these informational articles and completing your 10-minute setup. Below are some additional reasons as why MFA is important and required.

COMPANY DATA ACCESS

Like we mentioned before, an Microsoft 365 account has the potential to access a lot of intellectual, company or sensitive employee data from anywhere in the world.

INCREASE IN TARGETED ATTACKS

Microsoft has had a lot of success with Microsoft 365. With millions of accounts worldwide, hackers are increasing their phishing and breach attacks on their users.

FRAUD AND IMPERSONATION

There have been cases of fraudulent transactions. Hackers learn from users' sent emails and impersonate them without their knowledge, until it's too late.

How SWAT Systems Activates MFA for Users

There are two different methods we use when activating MFA for users.

PHASED APPROACH
This is our preferred method as it means we are activating MFA before any security incident has occurred. MFA is activated through a multi-phase project over the course of 3 weeks.

MFA Testing Period
A few of your co-workers will form part of a testing group. They will have MFA activated before anyone else at your company.

Feedback and Dates Set
If any, the testing group reports issues they encountered with MFA. We finalize an email and activation date for remainder of company users.

Activated Users Complete Setup
On the date and time of their activation, users will complete their setup using sections #3 and #4 of this guide, plus their smartphone.

Email Communication
We send an MFA notification email to remainder of users. We include a link to this guide and provide them with their activation date.

ESCALATED APPROACH
If a security incident is confirmed, an escalated approach to MFA is used on the users involved. These steps often take place within a couple of hours. For serious breach incidents, all company users are MFA-activated using this approach.

Password Reset
Your account password is reset using a complex password policy. This ensures any external threats are immidiately closed out.

Email or Verbal Instructions
We send an MFA notification email to affected user(s) with a link to this guide, or call them and provide link/instructions verbally.

MFA Activated
Affected user(s) have MFA activated on their account immediately. There is no testing or waiting period.

User(s) Complete Setup
Affected user(s) must complete their MFA setup (Sections #3 and #4) right away to regain access to their Microsoft 365 account and data.

PHASED APPROACH
This is our preferred method as it means we are activating MFA before any security incident has occurred. MFA is activated through a multi-phase project over the course of 3 weeks.

ESCALATED APPROACH
If a security incident is confirmed, an escalated approach to MFA is used on the users involved. These steps often take place within a couple of hours. For serious breach incidents, all company users are MFA-activated using this approach.

MFA Testing Period
A few of your co-workers will form part of a testing group. They will have MFA activated before anyone else at your company.

Password Reset
Your account password is reset using a complex password policy. This ensures any external threats are immidiately closed out.

Feedback and Dates Set
If any, the testing group reports issues they encountered with MFA. We finalize an email and activation date for remainder of company users.

Email or Verbal Instructions
We send a MFA notification email to affected user(s) with a link to this guide, or call them and provide link/instructions verbally.

Activated Users Complete Setup
On the date and time of their activation, users will complete their setup using sections #3 and #4 of this guide, plus their smartphone.

MFA Activated
Affected user(s) have MFA activated on their account immediately. There is no testing or waiting period.

Email Communication
We send an MFA notification email to remainder of users. We include a link to this guide and provide them with their activation date.

User(s) Complete Setup
Affected user(s) must complete their MFA setup (Sections #3 and #4) right away to regain access to their Microsoft 365 account and data.

Need help? Call 206-436-3016