Can I use multiple multi-factor authentication methods?
Yes, and it is the recommended solution. Although you can configure only one phone number for the account, you can have more (max. 5) Microsoft Authenticator applications (on different devices) or applications with an authentication code. You can also have multiple security keys or multiple computers with Windows Hello. Think about how you will log in if you forget your mobile phone or if it breaks.
What should I do if I lose or forget my phone/security key?
If you have set up a backup version of MFA and you have it available, then your problem is easily solved. For example, in addition to Microsoft Authenticator, you have configured the SMS sending, and so you transfer your SIM card to another mobile phone. Or your password management application supports the generation of a verification code and you have set a verification code in it.
You usually will not even need the backup variant – verification using the second factor is recorded on a trusted computer for 90 days, so it would be really unfortunate if the second factor is required of you if you forget your mobile.
If you do not have a backup login method set up and you do not have another login option, please contact the helpdesk
What are the rules for signing in on public computers, i.e. computers in computer labs, workstations and virtual desktops?
To log in to these types of public computers, for security reasons, MFA is required every time you log in to Office 365.
How do I change the default multifactor authentication method?
After logging in on the website https://mysignins.microsoft.com/security-info/, click on “ Security info ” -> “ Set the default login method ” (or “ Default login method -> Change ” ).
Assuming that you have more than one authentication method set up, you can also change the login method once in your own login dialog via the menu “Login options.”
What security key should I buy?
We tested the password-free login with security keys GoTrust Idem Key and Yubikey 5 series. You can also use the GoTrust Idem Key for logging in to the state administration websites with a high guarantee level.
Can I buy a fingerprint reader for Windows Hello?
Yes, the Windows Hello setting in the VŠE information infrastructure environment has been tested with various models of Kensington VeriMark USB readers or with Dell Wired Mouse MS819, which has a fingerprint reader.
How to choose a webcam for Windows Hello? The webcam must be certified for use with Windows Hello, of course you can also purchase an external webcam. Windows Hello settings in the VŠE information infrastructure environment have been tested with Logitech Brio and Lenovo 500 FHD webcams (note that Lenovo camera does not have integrated microphones included).
How do I use the temporary access code generated by the Helpdesk?
You can find a simple guide here.
For what services do I need to have MFA set up in M365?
The mandatory MFA in M365 so far applies to a smaller number of services. It must be used by Microsoft 365 administrators. It must be used by application administrators with M365 authentication – e.g., moodle.vse.cz or Apple School Manager. And also all users who want to log in to InSIS using authentication in relation to Microsoft 365.
We are planning to implement mandatory MFA for risky sig-ins – unusual route, unknown login properties, use of anonymous IP addresses, etc. from June 2022.
Can I set up a mandatory MFA to log in to M365?
Yes. In MS Teams, join the team mandatory-MFA using the code 8zi2hcg. In approximately 5 minutes, MFA will be required each time you sign in to Microsoft 365.
Only this MFA enforcement will secure your Microsoft 365 account from a large number of threats. If you do not do so, if your password leaks, the attacker may be able to read, for example, your school 365 Office mail.