Body
When should you use Phone Calls as your default sign-in method?
Because there is no way to enter verification codes in our VPN client software, users are required to use either the Microsoft Authenticator - notification or a Phone - call as their default sign-in method for MFA. If you have an iOS or Android device, we strongly suggest following the instructions here to use the Authenticator as your default sign-in method. Users who do not have an iOS or Android device should use the instructions below to set their default sign-in method to Phone - call. When using the Phone - call method, you will receive a call each time you encounter an MFA challenge, and can approve or deny the request using your phone keypad.
How do I set Phone Calls as my default sign-in method
- Visit https://mysignins.microsoft.com/security-info on your computer, entering your SLU credentials and using SMS text verification codes to log in.
- In the Security Info section, note your current Default sign-in method. If this is your first time accessing your account security info, it is likely set to use Phone - Text. Since you cannot enter text codes in the VPN client, click Change next to your Default sign-in method.
- In the Change Default Method drop-down menu, select Phone - call <your phone number>, then select Confirm.
- You should briefly see a green text box in the upper right hand corner of the page informing you that you have successfully updated your sign-in method.
- Your default sign-in method has now been changed and you can sign out or close your web browser.
How does Phone Call verification work?
- When you attempt to access a service or resource secured by MFA and need to validate your identity (i.e. when connecting to the VPN), the sign-in service will initiate a call to the phone number registered with your account.
- When you answer the call, you will hear "This is Microsoft sign-in system. If you are trying to sign in, press the pound (#) key."
- If you initiated this request, press the # key on your phone keypad to approve the request.
- If you are unsure of the source of the request, you can decline by disconnecting the call without keypad input.
- If you know you did not initiate the request and suspect fraud, you can enter 0# on the phone keypad. This will place an immediate block on your account to limit further abuse and alert IT staff for review and follow-up. Be aware that you will not be able to sign in to any services until IT has reviewed your account and lifted the block put in place by the fraud report.
- The sign-in service will play a thank you message, grant you access to the target service or resource, and disconnect the call.
- You should now be signed in to the target resource from step 1.