Configuring Multi-Factor Authentication (MFA) for Your PSD Account

Purpose: Describe how staff setup multi-factor authentication (MFA) for their district network account.

Note: The office phone option described in the video is no longer an MFA option offered my Microsoft, the option has been retired.

What is MFA?

MFA adds a second check (beyond your password) to verify it’s really you—e.g., a text code, phone call, or approval in the Microsoft Authenticator app. This prevents unauthorized logins even if a password is guessed or stolen.

When you’ll be prompted to set up MFA

Technology will enable MFA on your account and give you advance notice. The next time you sign in, you’ll see a setup screen guiding you to choose a second-factor method.

Choose your MFA method (any of the following)

Text message (SMS) to a mobile phone – You receive a 6-digit code.
Phone call – You receive an automated call.
Microsoft Authenticator mobile app (Recommended) – You get a push notification to Approve or Deny; no codes to type.

Recommendation: Use Microsoft Authenticator (Push) for the fastest, lowest-friction experience. Keep SMS as a backup.

One-time enrollment (first login after MFA is enabled)

Sign in with your PSD email and password.
On the “Keep your account secure” prompt, pick your method:
- Phone (Text message): Enter your mobile number → you’ll get a code → enter the code → Done.
- Microsoft Authenticator:
  - On your phone, install Microsoft Authenticator from the Apple App Store or Google Play.
  - On the MFA setup screen, choose Mobile app → Receive notifications for verification.
  - In the app: Add account → Work or school account → Scan QR code shown on your computer.
  - Approve the test notification.
That’s it. After enrollment, you’ll only see MFA occasionally on that device (roughly every 180 days or when something changes—new device, new service, unusual activity).

Using MFA later (what it looks like)

Authenticator (push): A banner appears on your phone—tap Approve if the sign-in is yours; Deny if it isn’t.
Text message: Enter the 6-digit code you receive.
Phone call: Answer and follow the prompt (press #).

Security Tip: If you get an approval request you didn’t initiate, tap Deny (or ignore it) and change your password.

Manage or change your MFA methods (any time)

Go to Microsoft 365 on the web (Outlook/OneDrive/Teams in a browser).
Click your profile (top-right) → View account → Security info.
From here you can:
- Change default sign-in method (e.g., switch from SMS to Authenticator push).
- Add/Remove methods (Phone, Microsoft Authenticator).
- Update phone numbers.

Best practices

Set up at least two methods (e.g., Authenticator + SMS) in case you lose your phone.
Never approve a push notification unless you just tried to sign in.

Common issues & quick fixes

No QR code on screen anymore: In Authenticator choose Sign in instead of scan; sign in with your PSD email/password to pair the app.
Changed phone number / new device: Go to Security info and add the new number/device first, then remove the old.
Didn’t receive a text/call: Try an alternate method (push or call), verify the number, or move to an area with better signal.
Repeated prompts on the same device: Sign out and back in once; if it continues, contact the Help Desk.