MFA is when a user is prompted for at least two pieces of identification when logging into services or applications. First is your known log in password, second is something unknown, like a code texted to your phone or an approval on an authentication app. MFA is offered by many different online services, including most email providers and banks, and is likely already enforced for some services you are currently using.
MFA is an important part of our efforts to keep our student and staff information safe and secure, by making it more difficult for attackers to access our systems with login credentials obtained by phishing, guessing, or theft. Microsoft Security Intelligence reports over 80% of recently reported malware cases came from the education sector. (Source: Cyberthreats, viruses, and malware - Microsoft Security Intelligence)
If an attacker discovers a user’s password, through phishing attacks, guessing, leaks, or data breaches, then having MFA enabled would decrease the likelihood of unauthorized users gaining access to OCS emails and services.
Reset or change Azure AD password (OCS login password);
Open an O365 application or O365 website on a device that has been used before but opted to not remember authentication (eg: didn’t check the box “Don’t ask again for 30 days” or “Remember for 30 days” or similar. Wording can change over time with Microsoft revisions;
Open an O365 application or visit an O365 website for the first time on a given device. Each app on each device (laptops/phones/etc.) will need MFA approval;
Never approve an authentication request if you have not been attempting to log in to an OCS or Microsoft application. Do not approve any request for authentication if you did not do something to trigger that request. This is an indication of a possible compromised password. ***Contact IT helpdesk (910-455-2211 ext 71855) to have your password changed.***
Most people will have to use their personal mobile device to provide their MFA. The recommended Microsoft Authenticator app does not use up mobile phone data or share personal information with OCS. The auto generated codes do not require you to be on the Internet or connected to data, so you don’t need phone service to sign in. Additionally, the app stops running when closed therefore does not drain battery.
If a mobile number is entered to receive text/call rather than using authenticator app, this number will not be visible to others. The details of your Azure AD MFA profile are not published.
Yes. MFA is a critical pillar of Onslow County Schools cybersecurity program – namely stopping phishing attacks and unauthorized access by users who have obtained the login details of OCS employees. You are expected to take reasonable precautions to protect yourself and OCS from unauthorized access to your account.