Skip to main content

Get ready for Microsoft multi-factor authentication (MFA) - coming Oct. 7

Starting Oct. 7, ̽»¨ÊÓÆµ will begin using Microsoft’s multi-factor authentication (MFA) system to better protect your account. It works a lot like Duo, which you already use to log in to the MyCUInfo portal—it’s an extra security step to confirm it’s really you.Ìý

If you use campus tools like email or Microsoft Teams, you’ll need to set up Microsoft MFA. Eventually, Microsoft MFA will replace our current Duo MFA. The initial setup process takes about 15 minutes.Ìý

We recommend using the Microsoft Authenticator app on your CU FacMan cell phone, if you have one. You can also use the app on a personal cell device.Ìý

  • Important: Before logging out and reauthenticating, make sure you have a cell phone or another physical phone number added to . If your only registered device is a TEAMS phone, you will get locked out and won't be able to receive the MFA prompt - this means you won't be able to log back in until you contact OIT (IT Service Desk) to have them reset your MFA settings.
  • If you don’t do the verification and enrollment steps now, you will have to do them on October 7 when the enhanced policy is rolled out to everyone on campus.
  • The new policy will only be applied to primary ̽»¨ÊÓÆµ accounts (e.g. buffalor@colorado.edu, rabu1234@colorado.edu), not secondary accounts (e.g. ralphie-su@colorado.edu, OIT@colorado.edu, etc.).
  • The MFA Management Tool can only be used to enroll primary accounts.
  • Note: Alumni and retirees already have the MFA policy applied to their accounts, they don’t need to do anything more at this time.Ìý

How to set up Microsoft MFA:

  1. Connect to campus: Make sure you’re on campus Wi-Fi or connected to the campus VPN.
  2. Save your work: Close any open Microsoft files before starting.
  3. Open the MFA Management Tool: Click on the to check and update your MFA settings.
  4. Make sure you have a valid MFA device. Before logging on and reauthenticating, ensure you have a cell phone or physical phone number added to your MFA devices.  
  5. Choose your MFA Method:  FMIT supports several options:
    • (Preferrred) - Download and install on a CU-issued or personal cell phone.
    • Phone Number – You can use a mobile phone (personal or work) or any outside phone line. Note: CU does not reimburse personal phone use. If you need a work-issued phone, ask your supervisor to submit a request to FMIT@Colorado.edu with authorization and SpeedType for monthly charges and initial cost.
    • TEAMS Phone – Can be used only if you have another backup method added first, during the validation step. If your only registered device is a TEAMS phone, you will get locked out and won't be able to log back in until you contact the IT Service Desk (5-HELP) and verify your identity with a photo ID.
    • YubiKey – A physical USB device ($50–$60 each). Only one device per person is allowed. If lost or forgotten, you’ll need to use another method. CU does not support other USB MFA devices. To request YubiKeys for your department, email FMIT@Colorado.edu with quantity and SpeedType.
  6. Reauthenticate: You’ll be asked to log in again using MFA for Microsoft services. You’ll usually only need to do this once per device or browser session.
  7. Fix issues if needed: If your MFA isn’t working, you can to add or remove additional methods.
  8. Finish setup: Once everything is working click the "enroll in strengthened MFA service" button on the to turn on the new protection.

Why is this change needed?

Over the past few years we have had to respond to a rapidly evolving cybersecurity threat landscape by implementing many new security measures and we appreciate your help to secure our shared information technology environment. Recently, U.S. cybersecurity and intelligence agencies issued a joint advisory warning of potential cyber-attacks from state-sponsored or affiliated threat actors. As a result of these heightened security risks, we must be extra cautious and make use of all the security protections at our disposal.  

MFA is a foundational element in a security strategy since it can significantly decrease the likelihood of your account becoming compromised while also safeguarding the university’s data, finances, and reputation.

²Ï³Ü±ð²õ³Ù¾±´Ç²Ô²õ?Ìý

You can learn more about this new Microsoft MFA policy and the verification and enrollment process on the .Ìý

If you are running into setup issues please contact fmdesktop@colorado.edu.Ìý