Overview
Account Security measures are becoming more and more important in every facet of ones digital presence.
Educational institutes are being targeted more and more mostly because of the following:
- Large amounts of data (student\parent\staff)
- Many possible ways to access part of all data
- Limited resources\training to prevent attacks\compromises
As result many insurance companies that provide Cyber Insurance are requiring systems to be protected by multi-factor \ 2-factor authentication (MFA\2FA).
You may have encountered MFA when your online bank texts or emails you a code to enter for verification.
What is MFA?
What is Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA) is the process of using items from different sources to validate one's identity or account. Common sources include:
- Something you know: like a password or Personal Identification Number (PIN);
- Something you have: like a smart card, mobile token, or hardware token; and,
- Some form of biometric factor (e.g., fingerprint, palm print, or voice recognition).
Analogy Time
Imagine you have a safe at home with lots of valuable possessions inside. The safe is protected with a code (something you know), which provides one layer of security. But let’s say someone gets a hold of that code. They can use it to open the safe.
Let’s say that in addition to a code, you also needed another element to open the safe – maybe a key (something you have) or fingerprint scanner (biometrics) . The fact that you need those additional steps to open the safe makes it more difficult for anyone else to open it.
Students / Parents
Not on road map
Currently there is no plan to force MFA on student\parent accounts.
Staff / Contractors
Authenticator App users
If choose to use an authenticator app any action that breaks/remove (ie: removing app, new phone) the registration between authenticator app and Microsoft will require it to be re-registered (contact Helpdesk to clear in valid registration)
MFA User Settings - Setup
To properly use MFA you will need to have at least one sign-in method setup.
You may find an appleid.shakopeeschools.org email registered. You may remove this and enter a personal address if desired.
To setup sign-in methods visit MFA Portal either via 365 - MFA Portal located in Employee Self Service of ClassLink LaunchPad or at http://aka.ms/mfasetup.
- Click “Add Sign-In Method”
- Select desired method to setup and complete prompts
- Once at least one method configured select desired default sign-in method
-
This will vary depending on what methods are setup.
App based authentication is more secure then call/text.
Resources:
- Microsoft (YouTube) Register and manage security info:
- https://youtu.be/k0oiKQK3LjQ?t=99
MFA FOB usage
When prompted for MFA code during account sign in press display button on your issued FOB to display the 6 digit code.
Code is good for 60 seconds. Doughnut in right indicates remaining life of the code, each section is 10 seconds.

Vendors
Implementing
Goal is by mid-school year ‘23-’24 all vendor accounts will be MFA'd
FAQ
I deleted the authenticator app and now unable to verify.
You will need to contact Helpdesk to:
- Remove invalid authenticator registration and allow you to re-register authenticator app.
- Issue temp pass code
I got a new phone and now authenticator isn't valid.
You will need to contact Helpdesk to:
- Remove invalid authenticator registration and allow you to re-register authenticator app.
- Issue temp pass code
I am not in building and cannot get confirmation call on desk phone.
You will need to contact Helpdesk to either:
- Issue temp pass code have either remove
- Add additional phone #