YubiKeys may be used for MFA for O365 beginning March 3

WHAT ARE WE DOING?

 

The Core Computing Division will enable YubiKeys to be used for multifactor authentication (MFA) for Microsoft O365 applications, such as Fermilab email, on devices that support YubiKeys beginning Thursday, March 3.

 

WHAT IS THE IMPACT TO YOU?

  • After March 3, if you have a YubiKey plugged into your device at the moment your O365 session expires, you will be prompted to enter your YubiKey passcode when you log in. If your YubiKey is not plugged in, the system will prompt you to use your RSA token and passcode. If preferred, you can bypass using your YubiKey and use your RSA token and passcode instead.
  • YubiKeys still cannot be used on devices without USB-compatible ports such as smartphones. If you use such a device to read email or access other Microsoft O365 applications, you must continue to use your RSA token to authenticate on that device.

WHAT DO YOU NEED TO DO?

After the change on Thursday, March 3, when your O365 session expires, O365 will prompt you for the appropriate token depending on whether or not you have a YubiKey plugged in to that device.

If you use both a YubiKey and an RSA token, there is no specific action you need to take. Just follow the prompts as appropriate.

If you have any questions about this message, contact the Service Desk.