Student Multi-Factor Authentication FAQ

Passwords are increasingly easy to compromise. They can often be stolen, guessed, hacked, you could be locked out of your account or someone stealing your information without your knowledge.

With MFA, even if an attacker knows your password, they will not be able to access your account without a successful authentication request via the Microsoft Authenticator App.

The Microsoft Authenticator App is a mobile application (app) that you install on your smart phone or tablet to generate pass codes for login or receive push notifications for easy, one-tap authentication on your mobile device. It works with Microsoft’s Multi Factor Authentication (MFA) service to make your logins more secure.

No. Your password is only verified by your organization and never sent to Microsoft. Microsoft provides only the second factor, using your enrolled device to verify it’s really you who is logging in.

No. The Microsoft Authenticator app has no access to change settings or remotely wipe your phone.

Microsoft verifies the security of your device, such as OS version, device encryption status, screen lock, etc.

Microsoft authentication requests require a minimal amount of data -- less than 2KB per authentication. For example, you would only consume 1 megabyte (MB) of data if you were to authenticate 500 times in a month.

The Microsoft Authenticator App allows passwordless authentication for all Microsoft365 products. Other TRU services may still require you to use your password.

To use passwordless authentication, on the Microsoft Authenticator App you will need to select your Thompson Rivers University account, then select the "Set up Phone Sign-In" section. 

Your device will require a PIN, password, or pattern lock in order to be set up with passwordless authentication. Your fingerprint can also be used if your device supports the use of biometrics.

There are several reasons this could be happening. Please try the following to troubleshoot:
1. Make sure your enrolled device has a cellular network or WiFi connection.
2. Have the Microsoft Authenticator App open when you authenticate.
3. Try these additional troubleshooting steps:

     https://support.microsoft.com/en-us/account-billing/common-problems-with-two-step-verification-for-a-work-or-school-account-63acbb9b-16a1-47b9-8619-6a865e8071a5

No, TRU will not pay for your phone plan. If you do not have a phone plan, we suggest installing the app on an alternate device such as a tablet, which will still be able to receive push notifications and provide pass codes.

If you get a new phone, or if you’ve re-installed the Microsoft Authenticator App, you'll need to re-activate the app. You may enroll your new device yourself using the device management portal.

You will need to log in using a MFA device already configured to your account before adding a new one. If the device you are replacing is your only MFA device and you no longer have access to it, contact the IT Service Desk for assistance.

Yes, you can configure several devices on your Microsoft account via the device management portal. As well, multiple devices of the same type can be added.

Android: Visiting the Google Play Store page for the Microsoft Authenticator App on your Android device will tell you if the app is compatible with your device: https://play.google.com/store/apps/details?id=com.azure.authenticator&hl=en_CA&gl=US

We cannot ensure compatibility of the Microsoft Authenticator App with custom variants or distributions of Android.

iPhone or iPad: The currently supported iOS version for the Microsoft Authenticator App can be found via the following link to the App Store under the Information section: https://apps.apple.com/us/app/microsoft-authenticator/id983156458

Please visit https://support.microsoft.com/en-us/account-billing/common-questions-about-the-microsoft-authenticator-app-12d283d1-bcef-4875-9ae5-ac360e2945dd to read more about Microsoft's Privacy and Security information.

Please visit https://tru.teamdynamix.com/TDClient/84/Portal/Requests/ServiceDet?ID=2017 to create a support ticket.