Configuring phone call verification as default for Multi-factor Authentication

When should you use Phone Calls as your default sign-in method?

Because there is no way to enter verification codes in our VPN client software, users are required to use either the Microsoft Authenticator - notification or a Phone - call as their default sign-in method for MFA. If you have an iOS or Android device, we strongly suggest following the instructions here to use the Authenticator as your default sign-in method. Users who do not have an iOS or Android device should use the instructions below to set their default sign-in method to Phone - call. When using the Phone - call method, you will receive a call each time you encounter an MFA challenge, and can approve or deny the request using your phone keypad.

How do I set Phone Calls as my default sign-in method

1. Visit https://mysignins.microsoft.com/security-info on your computer, entering your SLU credentials and using SMS text verification codes to log in.
2. In the Security Info section, note your current Default sign-in method. If this is your first time accessing your account security info, it is likely set to use Phone - Text. Since you cannot enter text codes in the VPN client, click Change next to your Default sign-in method.
3. In the Change Default Method drop-down menu, select Phone - call <your phone number>, then select Confirm. 
4. You should briefly see a green text box in the upper right hand corner of the page informing you that you have successfully updated your sign-in method.
5. Your default sign-in method has now been changed and you can sign out or close your web browser.

How does Phone Call verification work?

1. When you attempt to access a service or resource secured by MFA and need to validate your identity (i.e. when connecting to the VPN), the sign-in service will initiate a call to the phone number registered with your account.
2. When you answer the call, you will hear "This is Microsoft sign-in system. If you are trying to sign in, press the pound (#) key."
3. If you initiated this request, press the # key on your phone keypad to approve the request.
   1. If you are unsure of the source of the request, you can decline by disconnecting the call without keypad input.
   2. If you know you did not initiate the request and suspect fraud, you can enter 0# on the phone keypad. This will place an immediate block on your account to limit further abuse and alert IT staff for review and follow-up. Be aware that you will not be able to sign in to any services until IT has reviewed your account and lifted the block put in place by the fraud report.
4. The sign-in service will play a thank you message, grant you access to the target service or resource, and disconnect the call.
5. You should now be signed in to the target resource from step 1.