As part of our efforts to keep the Commonwealth safe and secure, we are turning on multi-factor authentication (MFA) for Commonwealth personnel to access files and applications when off the Commonwealth’s secure network. MFA is a secure authentication method that requires users to enter two pieces of information when they log in:
1. One they know - like a password
2. One they don't know - like a PIN they receive on their mobile device.
MFA is a critical pillar of the Commonwealth’s cybersecurity program – namely stopping phishing attacks and unauthorized access by users who have obtained the login details of Commonwealth employees.
Personnel will be prompted for MFA when attempting to login into the network or access applications and files that are part of the Commonwealth, including access to Office 365 applications.
Users must complete a one-time setup to sign up for Azure AD MFA. Users will be prompted to enter MFA credentials every 90 days and/or when logging in from a new device for the first time. See below for set-up instructions and all MFA resources.