In addition to using a password, the technician accounts can also be enforced with Multifactor authentication (MFA), using a software token and an authenticator app installed on a smart phone.
This method provides another layer of security to Take Control accounts. It does not replace the need for credentials, but instead requires an additional security code generated dynamically on a mobile device.
On accounts where MFA is activated, the second authentication method is triggered after the password has been validated. The system requires an additional 6-digit code generated by the software token.
Activate Multifactor authentication for your account
- Click your name in the upper right corner of the Admin Area and select Two Factor Authentication.
- Read the information about MFA set up and click Next.
- Follow the steps to scan the QR code and enter your 6-digit code to confirm the set up.
Enable Multifactor authentication for technicians
- Navigate to Management > Technicians, select a technician, click the ellipsis menu next to their name and select Force Two-Factor Authentication usage.
- Click your User Profile in the top right corner of the Admin Area, and select Two Factor Authentication.
- Copy the QR code or text code to insert in the authenticator app. Use the links provided to download the Google Authenticator for Android and iOS devices or the Microsoft Authenticator for Windows devices.
- Copy the recovery code and store it in a safe place. It is required to revoke this authentication method.
- Select the check box to acknowledge you understand this feature and have copied the recovery code, and then click Activate.
Revoke Multifactor authentication
This authentication method can be revoked from the Admin Area, and from the Windows Console.
- In the Admin Area, select the technician and clear Force Two Factor Authentication usage.
- In the Windows Console, log in to the account that requires the removal, and click Revoke two factor authentication.
What do you want to do?
FAQs
Revoke MFA sessions clears the user's remembered MFA sessions and requires them to perform MFA the next time it's required by the policy on the device.
How do I disable multifactor authentication? ›
You can disable MFA on single basis through: Go to Microsoft 365 admin center -> Users -> Active users -> Select the user -> Manage multifactor authentication -> Select the user -> Disable multi-factor authentication.
How do I stop Microsoft from asking for authenticator? ›
Go to Azure Active Directory > Security > MFA. Under MFA settings, select Additional cloud-based MFA settings. Under service settings, select Microsoft Authenticator app. Change the setting to Disabled.
How do I reset my multi-factor authenticator? ›
Use the Dashboard
- Go to Dashboard > Users Management > Users.
- Click on the user whose MFA you want to reset.
- Click on the Actions button on the top right of the screen.
- Select Reset Multi-factor from the dropdown. ...
- Click Yes, reset it to reset the user's MFA.
What happens if I turn off two factor authentication? ›
Your account is more secure when you need a password and a verification code to sign in. If you remove this extra layer of security, you will only be asked for a password when you sign in. It might be easier for someone to break into your account.
What happens when you disable MFA? ›
If you want to stop requiring a verification method for the selected users, you can turn off MFA. Users will only need their email address and password to sign in after MFA is disabled.
Can I skip Microsoft Authenticator? ›
Bypass Microsoft Authenticator with alternate authentication methods. For example, security questions, backup codes, email verification, biometric authentication, and trusted devices. Each of these add more security or provide an alternative way of verifying your identity.
What if I don't want the Microsoft Authenticator app? ›
1 answer. To stop using the Microsoft Authenticator app and remove it from your account, you'll need to disable two-factor authentication (2FA) or switch to a different 2FA method.
How do I revoke Microsoft Authenticator? ›
Go to https://account.microsoft.com, on the "Security" tab in the "Additional Security Options" section click on "Microsoft Authenticator App" click on "Remove".
How do I enable multi-factor authentication? ›
Turn on MFA for each account or app!
- Go to Settings. It may be called Account Settings, Settings & Privacy or similar.
- Look for and turn on MFA. It may be called two-factor authentication, two-step authentication or similar.
- Confirm. Select which MFA method to use from the options provided by each account or app.
Open your Google Account. In the "Security" section, select 2-Step Verification. You might need to sign in. Select Turn off.
How to turn off two factor authentication Microsoft Authenticator? ›
Turn two-step verification on or off
Sign in to your Microsoft account Advanced security options. Under Additional security and Two-step verification choose Turn on or Turn off. Follow the instructions shown on the screen.
What does multifactor authentication explain about? ›
Multi-factor authentication acts as an additional layer of security to prevent unauthorized users from accessing these accounts, even when the password has been stolen. Businesses use multi-factor authentication to validate user identities and provide quick and convenient access to authorized users.
What is multifactor authentication something you do? ›
Three Main Types of MFA Authentication Methods
- Things you know (knowledge), such as a password or PIN.
- Things you have (possession), such as a badge or smartphone.
- Things you are (inherence), such as a biometric like fingerprints or voice recognition.
How to revoke an authenticator? ›
After you log in to your admin account, go to https://myaccount.google.com/, select "Security" and then look for "Authenticator", you should be able to remove or add new authenticator there.
What happens if you lose your MFA device? ›
You can do this through their official support channels, such as the Microsoft support website or phone support. Explain your situation and let them know that you've lost access to your MFA device and don't have alternative authentication methods. They will guide you through the account recovery process.