Setting Up Microsoft 365 MFA

If you have not already done so, set up Microsoft Multi-Factor Authentication (MFA) by following the steps below:

✅ 1. Set up Microsoft Multi‑Factor Authentication (MFA)

MFA is required to sign in to your new email and Microsoft 365.

The preferred authentication method is the Microsoft Authenticator app downloaded from the Apple  App Store  or  Google Play. If you already have the Microsoft Authenticator app for use with CUNY Login MFA, you can also set it up for use with Microsoft MFA. 

The following alternative authentication methods are available if you are unable to download and use the Microsoft Authenticator app: 

• Entering a one-time passcode from a hardware token
  
  
• Receiving SMS text messages to your phone 
  
  
• Responding to a telephone call to your phone 

👉 Setting Up Microsoft MFA when Prompted

If you did not set up Microsoft MFA before it was enabled, you will see a “more information required” message after entering your CUNY Login credentials to access your new CUNY/ Lehman-branded email account or Microsoft 365 Apps. See the following for information on setting up Microsoft MFA upon first login to your Microsoft 365 applications: 

If you have the Microsoft Authenticator app, see the  Overview of Multi-factor Authentication  video on YouTube 

For any supported authentication method (Microsoft Authenticator app, hardware token, SMS text, or phone call), see either of the following: 

• Set up your Microsoft 365 sign-in for multi-factor authentication  on the Microsoft website
  
  
• Set up Security info from a sign-in page  on the Microsoft website

For More Information, See 

• How to add your accounts to Microsoft Authenticator  on the Microsoft website to add your Microsoft 365 account to the Microsoft Authenticator app
  
  
• Set up SMS sign-in as a phone verification method  on the Microsoft website
  
  
• Set up a phone call as your verification method  on the Microsoft website 

Important to Know

• When signing in to your new email or Microsoft 365 apps, follow the Microsoft MFA prompts.
  
  
• When signing in to CUNYfirst, Brightspace, Navigate, or other CUNY systems, continue using the same MFA process you already use today. 
  
  
• Some students who are also CUNY employees may have already completed Microsoft MFA. If so, no additional action will be required. Your employee email address is one of the email addresses associated with the single mailbox.
  
  
• Most users will only see Microsoft MFA prompts when signing in from a new device or browser. 

Important Reminders to Keep Your Information Safe 

Multi-factor authentication is used by CUNY to help keep your information safe, but it only works if it is not shared with others.  

Please remember the following: 

• Never share your password or MFA passcode with anyone — Campus and CUNY IT will never ask for it.
  
  
• Do not respond to an MFA prompt if you did not initiate the login yourself. 
  
  
• Do not click on links or open email attachments in suspicious or unexpected texts and emails.
  
  
• If you receive an email, text message, or phone call asking for your password, MFA passcode, or other sensitive information, treat it as a scam.