In response to escalated global security threats, OIT is implementing measures to strengthen multi-factor authentication (MFA) to better protect you, your data and CU Boulder’s shared information technology environment.  A critical first step is to enroll in a strengthened Microsoft MFA policy before the extended October 7 deadline. By proactively enrolling in the strengthened policy before the October 7 enforcement begins, you can ensure that the enrollment process happens at a time that is convenient for you and limits disruptions to your work.  

How to enroll 

Assuming that you don’t need to change your Microsoft MFA methods as highlighted in step 4, the MFA verification and enrollment process outlined below should take no more than ten minutes. If your computer is not part of the Secure Computing Program, you will need to be on the campus VPN or on the campus network to open the Microsoft MFA Management Tool in Step 2. 

1. Save any open Microsoft files before using the Microsoft MFA Management Tool.
2. Open the Microsoft MFA Management Tool to verify your device’s Microsoft MFA methods.
3. You will be required to reauthenticate for all Microsoft services by using Microsoft MFA. You should only need to do this once per device, or once per browsing session for web-based applications.
4. If your MFA methods are not working, learn how to find and update security info to add additional MFA methods and remove old ones. For most users, OIT recommends setting up the Microsoft Authenticator app.
5. Once your MFA method(s) have been verified, you should enable the strengthened policy by clicking the enrollment link.

Please note 

• If you don’t do the verification and enrollment steps now, you will have to do them at the time the policy is enforced for your account.
• The new policy will only be applied to primary CU Boulder accounts (e.g. buffalor@colorado.edu, rabu1234@colorado.edu), not secondary accounts (e.g. ralphie-su@colorado.edu, OIT@colorado.edu, etc.), and so this MFA Management Tool can only be used to enroll primary accounts.
• Alumni and retirees already have the strengthened MFA policy applied and will not need to take any action.

Why the deadline was extended

In order to balance efforts to limit security risk with the start of the semester activities, OIT had originally planned to enforce the strengthened Microsoft MFA policy starting on September 15. However, with only a small number of people having proactively enrolled in the strengthened policy, OIT decided to extend the deadline so that more people can proactively enroll and reduce the chance that the policy enforcement will disrupt campus activities. 

Why this change is needed

Over the past few years we have had to respond to a rapidly evolving cybersecurity threat landscape by implementing many new security measures and we appreciate your help to secure our shared information technology environment. Recently, U.S. cybersecurity and intelligence agencies issued a joint advisory warning of potential cyber-attacks from state-sponsored or affiliated threat actors. As a result of these heightened security risks, we must be extra cautious and make use of all the security protections at our disposal.  

MFA is a foundational element in a security strategy since it can significantly decrease the likelihood of your account becoming compromised while also safeguarding the university’s data, finances, and reputation.

Get help

You can learn more about this new Microsoft MFA policy and the verification and enrollment process on the Multi-Factor Authentication FAQ page. The OIT website also has more information about both Microsoft MFA and Duo MFA. If you need help with this MFA verification and enablement process, please contact the IT Service Center at oithelp@colorado.edu or call 303-735-4357.