Microsoft 365 (LawKey) Multi-Factor Authentication (MFA)
All faculty, staff, and students are required to setup MFA for their LawKey/Microsoft 365 Account.
By setting up Multi-Factor authentication, you add an extra layer of security to your Microsoft 365 (aka LawKey) account. With MFA, after logging in with your Microsoft 365 email and password — you’ll be prompted to verify your identity—the second step—using a device in your possession, such as a mobile phone.
The Microsoft Authenticator app is the easiest verification method to use. Once the app is installed on your mobile phone, it’s just one click instead of typing in a 6-digit code. And if you travel, you won’t incur roaming fees when you use it.
View Instructions for the Microsoft Authenticator app
All students are required to setup more than one verification method (with the Authenticator app as your default method).
General instructions on setting up and using two-step in Microsoft 365.
Locked out of your account due to MFA problems?
Please review the instructions below first. If you are still unable to access your account, submit an MFA reset request at https://resetlawkey.law.upenn.edu/mfa/. (Note: this form requires that you login with your PennKey to verify your identity.)
“What happens if I get a new phone?”
If you are using the Microsoft Authenticator app for MFA, you will need to re-configure the app any time you get a new phone or mobile device.
You can do this by going to your Microsoft 365 My Sign-ins: Security Info page
Note: Please try accessing the My Sign-Ins page from your laptop first. If you are not able to access, you may need to use the option “Sign in Another Way” on the MFA screen. You can select the option to receive a code via text since you do not have your Authenticator app set up yet. If these methods don’t work, please request an MFA reset.
Once you reach the “My Sign-Ins - Security Info” page:
Delete the existing entry for “Microsoft Authenticator”
Choose “+ Add Method” at the top of the page. Choose “Authenticator App” (if it’s not already selected) from the drop-down menu to begin the steps below.
Start by getting the app. (if it’s not already installed on the new phone)
Set up your account.
Using the Microsoft Authenticator App on your phone, scan the QR code that is provided on the device used to access the MFA/SSPR settings page.
A test notification will be sent to your phone. Approve the notification and then click “Next”.
- Once you’ve completed the above steps, click “Done” and confirm that your Default sign-in method is “Microsoft Authenticator - notification” at the following screen (click “Change” if this is not done so automatically).
Additional Sign-In Methods (Phone Text/Call)
Please set up additional sign-in methods to use, in case your primary method is unavailable.
Instructions for setting up backup options.
For any additional questions or concerns with setting up two-step, please contact the ITS Help Desk (firstname.lastname@example.org, 215-898-9140)