An Introduction to Multi-Factor Authentication
Navigation links for Government of BC employees (You may be prompted to log in):
What is Multi-Factor Authentication?
- Multi-Factor Authentication (MFA) is a technology we use increasingly often in our daily lives. For example, when you access your online banking application you may be required to respond to a text message sent to your smart phone. The text message communicates a code that you need to input into the banking website. This text message is called a “second factor” and is part of Multi-Factor Authentication – essentially a second way to prove you are who you say you are.
- Like the example above, MFA will allow BC Government employees to use multiple “factors” when accessing the Government’s Microsoft Azure cloud services (e.g. Microsoft O365 Services, MS Teams, Exchange Online, OneDrive, inTune, etc.).
- For a simple overview of MFA, you can view this short YouTube video.
What are MFA Factors?
- The first factor is “What You Know” - this is your BC Government IDIR ID and password
- The second factor is “What You Have” - this is your smartphone with MS Authenticator app installed, a call back number or a physical token.
Why should I use MFA?
- Using MFA will help mitigate many of the cybersecurity threats the BC Government faces every day. MFA will also help mitigate potential damage from phishing emails, credential-stealing and malware attempts against the Azure cloud service.
How will MFA affect me?
- At this time, the sign-in process for MFA will only apply to BC Government employees when they access Microsoft Azure Cloud services (e.g. Microsoft 0365 Services, MS Teams, OneDrive, Exchange Online, inTune, etc.). Once you have registered for MFA, you will be asked periodically to verify your login when accessing these services. A message will be sent to your smart phone, phone number or physical token to which you need to respond with “Approve” or “Deny”, or with a six-digit code from a physical token.
- BC Government employees will not be required to respond to an MFA prompt every time they access Microsoft Azure cloud services and applications. Instead, employees can expect to be MFA prompted about every 90 days or less. In the future, we will review and stay aligned with cloud security best practices regarding frequency of MFA prompts.
How long after I register should I expect the first MFA prompt?
All new users that register for MFA can expect their first MFA prompt the next day, once they access an Azure Cloud service for the first time (e.g. Microsoft O365 Services, MS Teams, Exchange Online, OneDrive, inTune, etc.)
Users that have not registered for MFA by their cohort dates below, will be required to register for MFA before accessing an Azure Cloud service for the first time.
When will MFA roll out start?
- The OCIO will be rolling out MFA for Microsoft Azure cloud services and applications to all government ministries, on a staggered basis from June 2021 through December 2021.
How do I get MFA support?
- Technical support for MFA is available during normal business hours Monday through Friday from 8:30 a.m. to 4:30 p.m. If you need support, please call 250-387-7000 option 1 or toll-free at 1 866-660-0811.
- If you have other questions related to MFA, please contact the OCIO.