What is Multi-Factor Authentication (MFA)?
MFA is a security system that requires users to verify their identity through multiple credentials before gaining access to a system. In essence, it adds an extra layer of protection beyond the traditional username and password. This additional layer is usually something you physically have, such as a mobile device or token.
This Microsoft page on multi-factor authentication and has a helpful video explaining how MFA works and how important it is in today’s connected world.
Benefits of MFA for Your School:
- Enhanced Security: When implemented, MFA significantly reduces the risk of unauthorized access to systems, protecting sensitive data and the privacy of student and staff information.
- Mitigation of Cyber Threats: The education sector is a target for cyber threats. MFA acts as a powerful deterrent by making it exponentially more challenging for malicious actors to compromise accounts.
- Compliance: Implementing MFA aligns with industry best practice, regulatory requirements, and DfE Digital Technical Standards. This ensures your school meets or exceeds your data protection obligations.
Q&A’s for our schools
- When will I be prompted for my MFA credentials?
When you sign-in from a new device or location.
- Will I be prompted for my MFA credentials every time I login?
No, you will be given the option to save your MFA credentials for 14 days.
- What additional device is needed for the credentials?
A mobile phone with an authenticator app installed.
- What if I am not able to have my phone with me when I log on?
Please log a call with the service desk to discuss your options.
- What app will I need to download on my phone?
Microsoft Authenticator or Google Authenticator.
- How do I set up the app initially?
Please read through the Schools ICT official guidance (to follow) or see here for Microsoft instructions:
Microsoft – How to use two-step verification with your Microsoft account
- Will it still work if my phone doesn’t have a signal?
Yes, via the relevant Microsoft/Google Authenticator app.
- I don’t have a phone which can download the app, is there an option to receive a text message instead?
Yes (text messages do require a mobile signal).
Will this affect Microsoft Teams and/or Google Classroom emails used by pupils for ICT lessons?
No, MFA will only be enabled on staff accounts. This will not affect student accounts.
- I work for multiple schools – how will the phased implementation affect me?
If your email domain (@schoolname.com) is the same across multiple sites, then Multi-factor Authentication (MFA) will be enabled on the date specified for your trust/federation/academy. If you have multiple email domains, then MFA will be enabled for each of your separate accounts on the date specified for each individual school. We would strongly advise you enable MFA yourself following the Schools ICT guide.
- Our school has a policy banning staff from using mobile phones, how can we use a MFA app?
Please consider amending your policy. The DfE suggest in their Mobile Phone Guidance (page 8) that “There may be occasions where it is appropriate for a teacher to use a mobile phone or similar device, for instance to issue homework, issue rewards and sanctions or use multi-factor authentication.”
- I have an iPhone. What version iOS is required for the Microsoft Authenticator app?
iOS version 15.0 or later is required.