Microsoft 365 MFA

Multifactor authentication (MFA) is becoming mandatory on Bocal accounts on Wednesday the 9th of March, 2022. In case you already set up MFA earlier and you changed phone number or removed the authenticator app, you need to remove the old method or you will lose access to your account.

Note

If you lost access to your account, you must reach the relevant department with a proof of identity (ID card, student card) : Student Service Centre (scolarité) if you are a student or a teacher, Katherine Aguilar if you are an alumnus, your department manager or the CRI if you are an employee,

Remove an old MFA method

  • Go to the Microsoft 365 Portal
  • On the top right corner of the page, click on your initials or profile picture if you set one, then on "View account".
  • Click on "Security info".

Security info

You can also follow this link.

  • Next to the old MFA method, click on "Delete".

Delete MFA method

Add a MFA method

When MFA will be mandatory again, you will be forced to add a method on your next attempt to use your Microsoft account.

  • On your next login, you will be redirected to this page.

Use your phone number

This method will make you receive a SMS message or a phone call every time you login to your MFA account.

Note

In some rare cases, this method can be unreliable and it can take up to a few minutes for Microsoft to send you the message.

  • Fill in the page as follow with your phone number.

Add phone

  • You should receive a SMS message from Microsoft with a code.

SMS code

  • Fill in the code in the page and click "Verify".

SMS code in page

Use a TOTP app

This method uses an app and a time-based algorithm to generate codes that you can use to login. This method is much more reliable as code generation is done offline, so you don't have to wait for a message to come. This method requires a smartphone with a TOTP app installed, such as Google Authenticator (Android/iOS), Microsoft Authenticator (Android/iOS) or andOTP (FOSS, Android only). If you don't want to use your smartphone, you can use your computer with WinAuth (Windows only).

  • Select "Mobile app" and check "Use verification code".

TOTP mobile app

  • If you want to use Microsoft Authenticator:
    • Open the app on your phone.
    • Touch the + sign in the top right corner.
    • Touch "Add an account" and choose "Work or school account".
    • Scan the QR code.
  • If you want to use another app:
    • Click on "Configure app without notifications".
    • Open the app on your phone and add an account.
    • Flash the QR code when asked.
  • Click "Next" then "Next" again.
  • Enter the code as seen in the app and click "Verify". Make sure you do it before the code expires, otherwise you will have to do it again.
  • Fill in the form with your phone number and click "Done", it will be used in case you uninstall the app without disabling MFA in your account settings.

Tips

The phone number is not verified by Microsoft, if you do not wish to share your real number or do not have access to a working phone subscription, you may enter a bogus number.

TOTP mobile app

Setting up Thunderbird with MFA

Thunderbird needs a special configuration in order to work with MFA.

To add the account: (skip if account already added to Thunderbird)

  • If this is the first time you open Thunderbird, you should have a form to add a new account. If not, go to ☰ > New > Existing Mail Account
  • Fill in your name and your EPITA email address. You don't need to put your password here.

Add account

  • Click on "Continue" then "Done".
  • Close the tab, you should be on the main Thunderbird window.

To fix the account for MFA:

  • When prompted for a password, click on "Cancel".
  • In the left sidebar, right-click on your EPITA email address and click on "Settings".
  • Under your EPITA email account, click on "Server settings"
  • In "Authentication method", select "OAuth2".

Thunderbird server settings

  • Under "Outgoing Server (SMTP)", edit the server linked to your EPITA email address. In case you have multiple Microsoft 365 accounts, make sure you are editing the one that has your EPITA email address in its configuration.

Thunderbird SMTP server list

  • In "Authentication method", select "OAuth2". Close the window by clicking on "OK".

Thunderbird SMTP server settings

  • Close the tab.
  • Click on "Inbox" under your EPITA account in the left sidebar.
  • A new window should open, login with your Bocal account.

Thunderbird server settings

  • Login with MFA
  • Click "Authorize" if asked
  • Click on "Get Messages" in the top toolbar, this should fetch new folders and messages.