Verified Commit 0bdc50ac authored by Nicolas Froger's avatar Nicolas Froger
Browse files

accounts: mfa: rename 2fa to mfa, use Microsoft 365 name instead of Bocal



Signed-off-by: Nicolas Froger's avatarNicolas Froger <nico@cri.epita.fr>
parent fe6dd7d5
Pipeline #158403 passed with stage
in 20 seconds
# Bocal 2FA Moved [here](m365_mfa.md).
Two-factor authentification (2FA) is becoming mandatory on Bocal accounts on
**Wednesday the 9th of March, 2022**. In case you already set up 2FA earlier
and you changed phone number or removed the authenticator app, you need to
remove the old method or **you will lose access to your account**.
## Remove an old 2FA method
!!! warning
You need to follow these steps before **Wednesday the 9th of March, 2022**
if you set up 2FA in the past and changed phone numbers afterwards. You also
have to do this if you set up the Microsoft Authenticator app (or any TOTP
app) and uninstalled it without disabling it in your account settings. If
you don't follow this, **you will lose access to your account** when 2FA
will be mandatory again.
* Go to the [Office356 Portal](https://portal.office.com)
* On the top right corner of the page, click on your initials or profile picture
if you set one, then on "View account".
* Click on "Security info".
![Security info](assets/2fa_update_1.png)
You can also follow [this link](https://mysignins.microsoft.com/security-info).
* Next to the old 2FA method, click on "Delete".
![Delete 2FA method](assets/2fa_update_2.png)
## Add a 2FA method
When 2FA will be mandatory again, you will be forced to add a method on your
next attempt to use your Office account.
* On your next login, you will be redirected to [this page](https://aka.ms/MFASetup).
### Use your phone number
This method will make you receive a SMS message or a phone call every time you
login to your Office account.
!!! note
In some rare cases, this method can be unreliable and it can take up to a
few minutes for Microsoft to send you the message. Multiple tries are
sometimes required.
* Fill in the page as follow with your phone number.
![Add phone](assets/2fa_add_phone_1.png)
* You should receive a SMS message from Microsoft with a code.
![SMS code](assets/2fa_add_phone_2.jpg)
* Fill in the code in the page and click "Verify".
![SMS code in page](assets/2fa_add_phone_3.png)
### Use a TOTP app
This method uses an app and a time-based algorithm to generate codes that you
can use to login. This method is much more reliable as code generation is done
offline, so you don't have to wait for a message to come. This method requires a
smartphone with a TOTP app installed, such as Google Authenticator
([Android](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2)/[iOS](https://apps.apple.com/us/app/google-authenticator/id388497605)),
Microsoft Authenticator
([Android](https://play.google.com/store/apps/details?id=com.azure.authenticator)/[iOS](https://apps.apple.com/us/app/microsoft-authenticator/id983156458))
or [andOTP](https://f-droid.org/en/packages/org.shadowice.flocke.andotp/) (FOSS,
Android only). If you don't want to use your smartphone, you can use your
computer with [WinAuth](https://winauth.github.io/winauth/download.html)
(Windows only).
* Select "Mobile app" and check "Use verification code".
![TOTP mobile app](./assets/2fa_totp_1.png)
* If you want to use Microsoft Authenticator:
* Open the app on your phone.
* Touch the + sign in the top right corner.
* Touch "Add an account" and choose "Work or school account".
* Scan the QR code.
* If you want to use another app:
* Click on "Configure app without notifications".
* Open the app on your phone and add an account.
* Flash the QR code when asked.
* Click "Next" then "Next" again.
* Enter the code as seen in the app and click "Verify". Make sure you do it
before the code expires, otherwise you will have to do it again.
* Fill in the form with your phone number and click "Done", it will be used in
case you uninstall the app without disabling 2FA in your account settings.
![TOTP mobile app](./assets/2fa_totp_2.png)
## Setting up Thunderbird with 2FA
Thunderbird needs a special configuration in order to work with 2FA.
**To add the account:** (skip if account already added to Thunderbird)
* If this is the first time you open Thunderbird, you should have a form to add
a new account. If not, go to ☰ > New > Existing Mail Account
* Fill in your name and your EPITA email address. You don't need to put your
password here.
![Add account](assets/2fa_thunderbird_init.png)
* Click on "Continue" then "Done".
* Close the tab, you should be on the main Thunderbird window.
**To fix the account for 2FA:**
* When prompted for a password, click on "Cancel".
* In the left sidebar, right-click on your EPITA email address and click on
"Settings".
* Under your EPITA email account, click on "Server settings"
* In "Authentication method", select "OAuth2".
![Thunderbird server settings](assets/2fa_thunderbird_serversettings.png)
* Close the tab.
* Click on "Inbox" under your EPITA account in the left sidebar.
* A new window should open, login with your Bocal account.
![Thunderbird server settings](assets/2fa_thunderbird_login1.png)
* Login with 2FA
* Click "Authorize" if asked
* Click on "Get Messages" in the top toolbar, this should fetch new folders and
messages.
# Microsoft 356 MFA
Multifactor authentication (MFA) is becoming mandatory on Bocal accounts on
**Wednesday the 9th of March, 2022**. In case you already set up MFA earlier
and you changed phone number or removed the authenticator app, you need to
remove the old method or **you will lose access to your account**.
## Remove an old MFA method
!!! warning
You need to follow these steps before **Wednesday the 9th of March, 2022**
if you set up MFA in the past and changed phone numbers afterwards. You also
have to do this if you set up the Microsoft Authenticator app (or any TOTP
app) and uninstalled it without disabling it in your account settings. If
you don't follow this, **you will lose access to your account** when MFA
will be mandatory again.
* Go to the [Microsoft 365 Portal](https://portal.office.com)
* On the top right corner of the page, click on your initials or profile picture
if you set one, then on "View account".
* Click on "Security info".
![Security info](assets/mfa_update_1.png)
You can also follow [this link](https://mysignins.microsoft.com/security-info).
* Next to the old MFA method, click on "Delete".
![Delete MFA method](assets/mfa_update_2.png)
## Add a MFA method
When MFA will be mandatory again, you will be forced to add a method on your
next attempt to use your Microsoft account.
* On your next login, you will be redirected to [this page](https://aka.ms/MFASetup).
### Use your phone number
This method will make you receive a SMS message or a phone call every time you
login to your MFA account.
!!! note
In some rare cases, this method can be unreliable and it can take up to a
few minutes for Microsoft to send you the message. Multiple tries are
sometimes required.
* Fill in the page as follow with your phone number.
![Add phone](assets/mfa_add_phone_1.png)
* You should receive a SMS message from Microsoft with a code.
![SMS code](assets/mfa_add_phone_2.jpg)
* Fill in the code in the page and click "Verify".
![SMS code in page](assets/mfa_add_phone_3.png)
### Use a TOTP app
This method uses an app and a time-based algorithm to generate codes that you
can use to login. This method is much more reliable as code generation is done
offline, so you don't have to wait for a message to come. This method requires a
smartphone with a TOTP app installed, such as Google Authenticator
([Android](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2)/[iOS](https://apps.apple.com/us/app/google-authenticator/id388497605)),
Microsoft Authenticator
([Android](https://play.google.com/store/apps/details?id=com.azure.authenticator)/[iOS](https://apps.apple.com/us/app/microsoft-authenticator/id983156458))
or [andOTP](https://f-droid.org/en/packages/org.shadowice.flocke.andotp/) (FOSS,
Android only). If you don't want to use your smartphone, you can use your
computer with [WinAuth](https://winauth.github.io/winauth/download.html)
(Windows only).
* Select "Mobile app" and check "Use verification code".
![TOTP mobile app](./assets/mfa_totp_1.png)
* If you want to use Microsoft Authenticator:
* Open the app on your phone.
* Touch the + sign in the top right corner.
* Touch "Add an account" and choose "Work or school account".
* Scan the QR code.
* If you want to use another app:
* Click on "Configure app without notifications".
* Open the app on your phone and add an account.
* Flash the QR code when asked.
* Click "Next" then "Next" again.
* Enter the code as seen in the app and click "Verify". Make sure you do it
before the code expires, otherwise you will have to do it again.
* Fill in the form with your phone number and click "Done", it will be used in
case you uninstall the app without disabling MFA in your account settings.
![TOTP mobile app](./assets/mfa_totp_2.png)
## Setting up Thunderbird with MFA
Thunderbird needs a special configuration in order to work with MFA.
**To add the account:** (skip if account already added to Thunderbird)
* If this is the first time you open Thunderbird, you should have a form to add
a new account. If not, go to ☰ > New > Existing Mail Account
* Fill in your name and your EPITA email address. You don't need to put your
password here.
![Add account](assets/mfa_thunderbird_init.png)
* Click on "Continue" then "Done".
* Close the tab, you should be on the main Thunderbird window.
**To fix the account for MFA:**
* When prompted for a password, click on "Cancel".
* In the left sidebar, right-click on your EPITA email address and click on
"Settings".
* Under your EPITA email account, click on "Server settings"
* In "Authentication method", select "OAuth2".
![Thunderbird server settings](assets/mfa_thunderbird_serversettings.png)
* Close the tab.
* Click on "Inbox" under your EPITA account in the left sidebar.
* A new window should open, login with your Bocal account.
![Thunderbird server settings](assets/mfa_thunderbird_login1.png)
* Login with MFA
* Click "Authorize" if asked
* Click on "Get Messages" in the top toolbar, this should fetch new folders and
messages.
...@@ -13,7 +13,7 @@ nav: ...@@ -13,7 +13,7 @@ nav:
- Accounts: - Accounts:
- CRI and Bocal accounts: 'accounts/accounts.md' - CRI and Bocal accounts: 'accounts/accounts.md'
- Recover and modify passwords: 'accounts/passwords.md' - Recover and modify passwords: 'accounts/passwords.md'
- 'accounts/bocal_2fa.md' - 'accounts/m365_mfa.md'
- Working from school: - Working from school:
- PIE: 'from_school/pie.md' - PIE: 'from_school/pie.md'
- 'from_school/wifi.md' - 'from_school/wifi.md'
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment