Multi-factor authentication

Multi-factor authentication (MFA) is a secure authentication method in which users are required to show more than one type of identification to gain access to online services and applications.

As part of our efforts to keep the Commonwealth safe and secure, we are turning on multi-factor authentication (MFA) for Commonwealth personnel to access files and applications when off the Commonwealth’s secure network. MFA is a secure authentication method that requires users to enter two pieces of information when they log in:

1. One they know - like a password
2. One they don't know - like a PIN they receive on their mobile device.

MFA is a critical pillar of the Commonwealth’s cybersecurity program – namely stopping phishing attacks and unauthorized access by users who have obtained the login details of Commonwealth employees.

Personnel will be prompted for MFA when attempting to login into the network or access applications and files that are part of the Commonwealth, including access to Office 365 applications.

Users must complete a one-time setup to sign up for Azure AD MFA. Users will be prompted to enter MFA credentials every 90 days and/or when logging in from a new device for the first time. See below for set-up instructions and all MFA resources.

Help Us Improve Mass.gov  with your feedback

Please do not include personal or contact information.
Feedback