Multi-factor Authentication at CCPS

Calvert County Public Schools (CCPS) employs Multi-factor Authentication (MFA) as a mechanism for ensuring that the person logging into one of our accounts is indeed the individual we believe them to be.  In these times when malicious and phishing email attacks are a daily occurrence, MFA provides a way to limit the impact of these attacks and help ensure that only authorized people are accessing our systems. This helps us to protect not only our email, but all of our data and applications connected to Office 365.

What is Multi-factor Authentication (MFA)?

Multi-factor Authentication is a method of authentication that requires more than one verification method.  This adds an additional layer of security when users sign-in to their Calvert County Public Schools Office 365 account.  This is performed by requiring more than one method of verifying who is really logging into the account.

How it works:  MFA works by requiring both of the following verification methods to access your account:

  • Something you know (your Calvert County Public Schools username & password)
  • Something you have (a trusted device – your mobile phone, or other phone).

Getting Started

Prerequisites

In order to use multi-factor authentication with your Calvert County Public Schools account, you will need to ensure the following prerequisites are met:

  • You have a phone that can either receive phone-calls, SMS texts
    – and/or –
  • You have a mobile phone to download the Microsoft Authenticator app

Setup Multi-Factor Authentication

Using the prerequisites above, you will need your phone or mobile phone, a computer, and Internet access to complete the setup.

Step 1: Enroll in Multi-Factor authentication

1. To enroll in MFA, visit here first: https://aka.ms/mfasetup

2. Enter your email address and click Next:

3. Enter your password and click Sign in:

4. You will receive the prompt asking you to set up Multi-factor Authentication. Click Next to continue:

5. The next screen will ask you to set up your verification options:

Select Your Multi-Factor Verification Option

6. Choose the authentication option you would like to use when you sign into your Office 365 account and follow the prompts to complete the set up.

The following is a list of methods that can be used for this second type of verification.

Verification methodDescription
Phone callA call is placed to a your phone asking you to verify that it is you signing in. Press the # key on your phone to complete the verification process. 
Text messageA text message is sent to a your mobile phone with a 6-digit code. Enter this code to complete the verification process.
Mobile app notification (requires download of Microsoft Auntenticator App on your phone)A verification request is sent to your mobile phone asking your complete the verification by selecting Verify/Approve from the mobile app. This occurs if app notification is the primary verification method. If you receive this notification when you are not signing in, you can report it as fraud.
Verification code with mobile app (requires download of Microsoft Auntenticator App on your phone)The mobile app on your device generates a verification code. This occurs if you selected a verification code as your primary verification method.

Frequently Asked Questions

Do I have to input both verification steps every time I log in?

It depends. Specifically, on where you are and how you set up MFA.

Location:

  • On the Calvert County Public Schools’ network, you will not be prompted for the MFA verification for your Office 365 credentials
  • Outside of the Calvert County Public Schools’ network, you will be required to verify using MFA. 

Settings:

60 day check box

On the MFA log in screen there is a box you can check so that MFA only prompts you for verification approximately every 60 days.

This check box needs to be selected for each different browser & computer/device you use – if you want to use the 60 day grace period.

Additionally, if you use multiple devices to access your Office 365 account, you will need to select the 60 day check box for each different device as well.

We recommend clicking on the 60 day check box only from computers/locations that you trust, like your home, or your parents house.

What happens if I don’t receive the MFA notification?

On the log in screen there is a link to “sign in a another way”.

Depending on how you have set up MFA you can choose one the following:

  • Text
  • Phone call to your mobile phone
  • Phone call to an alternate phone (only available if you have added another number in MFA)
  • Approve a request (only for Microsoft Authenticator App users)
  • Verification code from mobile app (only for Microsoft Authenticator App users)

Note:  You can add an alternate phone number at any time by going to the security settings in O365 for MFA

Can I use a different verification method option for a “one-time” authentication?

If you didn’t receive the notification on your phone you can choose to have the verification resent or choose a different method of verification.

To try signing in with a different method, follow these steps:

  1. On a computer, go to portal.office.com
  2. Sign into Office 365 with your username and password.
  3. When the two-step verification page opens, choose get a code a different way.  
  4. Select the verification option you want to use.
  5. Continue with two-step verification.

How do I change my verification method?

If you want to change how you receive your verification through Office 365, there are several options you can choose from:

  • Calling your authentication phone
  • Text a code to your authentication phone
  • Notify you through a push notification on the Microsoft Authenticator app – (If you want to use the Microsoft Authenticator App download the app first, then follow the instructions below.)
  • Enter a code from the App

 Instructions:

1. To change your MFA verification, visit: https://aka.ms/mfasetup

2. Under “what’s your preferred option?” click on the drop down arrow and select the notification option you would like.

3. If you are setting up text or a phone call for verification make sure your phone number is correct and checked then choose Save.  You will be prompted to verify your preferred method. Once you have verified that the notification worked you can close out of Office 365.

4. If you are setting up the Microsoft Authenticator App – select Notify me through the app from the drop down and check the Authenticator App box then click on Configure.

‌5.  You will then open the Microsoft Authenticator app on your cell phone and add your Calvert County Public Schools account (instructions on downloading the app are available at the top of the page for both Android and iPhone). Take a picture of the QR code then click Next.

6.  You will then be prompted to verify your preferred method.   Once successfully verified you can close out of Office 365.

What do I do if I don’t have a mobile phone?

A mobile phone is not required to perform action on MFA, but a phone number, like a home or office phone, is required to receive a call with the authentication code.

What do I do if I don’t have a mobile phone or home phone?

Staff members should contact the DIT Help Desk to discuss your options if you do not have a mobile or home phone.

Students should contact their teacher or main office staff to discuss options if you do not have a mobile or home phone.


Additional Resources

Quick video showing how to set up MFA with the Mobile App

Need more help? Microsoft’s website provides great resources and training information on using Multi-Factor Authentication for your account. Please visit Microsoft’s website for an overview, getting started, how-to’s, troubleshooting, and more FAQs.