Technical FAQ

Microsoft 365 MFA setup

In order to secure your online Microsoft 365 account and make it easier to recover from a lost password, Wooden Spoon is rolling out multi factor authentication (MFA) and self-service password reset (SSPR).

Most of the setup happens in the backend, however the final steps to enable those features require your active participation. Please note that per your company policy, this setup is mandatory.

This document describes the steps you will need to take in order to enable the features for your business login.

One-time setup

1. Close all Office applications such as Outlook, Excel, Word, etc. 
2. Open your web browser (Microsoft Edge or Google Chrome)
3. Press <CTRL>+<SHIFT>+<N> to open an InPrivate/Incognito window
4. Go to https://www.office.com
5. Click Sign in
6. Enter your email address and password if prompted
   Note: For some clients it is possible your Microsoft 365 login is not your email address
7. Click Sign In
8. Page More information required displays


   
9. Click Next
10. Page Method 1 of 2: App displays
    
11. Install the free Microsoft Authenticator app on your mobile device


    a. Recommended: Click on Download now to get a page that will assist you in installing the app on your mobile device by scanning a 
specific QR code
    
    b.You can also select the app from your mobile phone app store, however, make sure you select the official Microsoft Authenticator when
searching your device app store, as other apps may look similar. The correct app is this:
    
    c. If you already installed the wrong app by accident, remove it from your mobile device.
12. Once the app is installed, click Next
13. Next page is a notice to make sure you allow notifications on your mobile device
    
14. Click Next
15. The next page displays a QR code


    
16. Open the Microsoft Authenticator app on your mobile device and click on the + sign in the upper-right corner
17. Select Work or school account
18. Select Scan QR code
    a. Allow the application to access the camera if prompted
19. Scan the QR code with your mobile device’s camera
20. Click Next
21. At that point a push notification should display on your phone, requesting you to Approve Sign in
22. During that time, the page on the screen invites you to do the same
    
23. Once you have approved the request on your mobile phone, the Next button becomes visible
24. Click Next
25. The next page confirms you have properly approved the request and that your mobile device is now able to approve future requests

    
26. Page Method 2 of 2: Email displays
    
27. Enter a personal/alternate email
28. This email address will be used to receive a one-time code in case you need to reset your lost Microsoft 365 password
29. The email address must NOT be from the same domain (the part after the @ symbol) as your business email
30. It is safe to use a personal email address for this, you must use a valid email address that you are able to check during this procedure
31. Note that this email address cannot be used for authentication, only for password reset requests
32. Click Next
33. The email code confirmation page displays
    
34. Check your alternate email address to retrieve the code that was just sent and enter it on this page
35. Press Next
36. A summary page loads up listing the MFA methods you have setup: Authenticator App and Email
    
37. Click Done, you can now close the Incognito/InPrivate

Using MFA, including Number Matching

1. From this point forward, whenever Microsoft asks for your password to authenticate, it will also ask you to validate the login by approving the push notification that will be automatically sent to your mobile device
2. When you respond to an MFA push notification using the Authenticator app, you’ll be presented with a number on your computer screen. You need to type that number into the app and tap Yes to complete the approval.
   
3. The notification will show you the name of the application and the approximate location of the computer from which this application is run
   

F.A.Q.

What to do if you enter the wrong MFA Number Matching code?

1. The login will be denied this once and the login window will prompt you again
2. Click on “Send another request to my Microsoft Authenticator app”
3. Enter the correct code on your mobile device and tap “Yes”

What if I change mobile device or get a new one?

1. You will need to work with Wooden Spoon IT to get MFA reset for you so you can sign-up for it again using the procedure above.

How to handle unexpected MFA push notifications?

1. If you receive an unexpected MFA push notification on your mobile device, your account was likely compromised in some way.
2. As a precautionary step, you should tap “No, it’s not me”. If you accidentaly tap this option, tap “Cancel” and try to login again
   
3. To report this fraudulent activity, tap “Report”.
   a. Note that by selecting Report, you are locking your Microsoft account and prevent any further access to your account until an administrator can review the incident and assist you with re-enabling your access after the incident has been resolved.
   
   b.While we understand this may look like an inconvenience to you, it is imperative that you fist protect your business account and report any fraud immediately
4. In this situation, please contact your manager or internal IT contact so they can open a support request on your behalf.
5. Note that any further attempt to login will be systematically denied and the login page will display the message “Sorry, we’re having trouble verifying your account. Please try again”.