Frequently Asked Questions

Why is multifactor authentication necessary?

In the past several years, threat actors have increasingly targeted school districts, most commonly through ransomware attacks. Multiple school districts in Western PA have experienced ransomware attacks in the last year.  Ransomware is a form of malware designed to encrypt files on a device, network, or cloud storage, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. A compromised user account is this attack's most common starting point.

Our District sees thousands of attempts daily by threat actors to gain access to staff accounts, which continues to rise. For this reason, implementing MFA is required for our District. MFA is the best method to safeguard your email, online storage (OneDrive, Google Drive, SharePoint), and cloud-based instructional resources (Google, Canvas, Clever) from unauthorized access and tampering.

Are West A employees already using multifactor authentication?

Many staff already use MFA to protect their accounts. This includes the Central Office, school leaders, and nurses; additionally, staff who have experienced an account compromise in the last 18 months have had MFA enabled as part of the remediation process.

What are the benefits of MFA?

MFA adds an extra layer of security to your account and gives you total control over who has access to your files. Even if cybercriminals manage to get your password, they cannot complete the second identification method to access your account.

When will I be prompted for authentication?

Account verification occurs when launching an Office 365 application for the first time on a District computer or signing in with a web browser. When using a web browser, a verification will last until all tabs have been closed. Clearing your browser history or restarting the device will reset your sign-in session and trigger another authentication.

If you use a cell phone or tablet to check email, you will be prompted once to authorize the device. Once authorized, the device will be considered trusted, and you will not be prompted again.

A common practice to minimize verification requests is to sign in with a web browser at the beginning of the week and leave at least one browser window open to stay authenticated.

Verification should occur twice a day, at most. If you are being asked to authenticate multiple times a day, please get in touch with the helpdesk so we can work with you to reduce the number of prompts.

Do I have to use my personal cell phone?

While using a mobile phone is often the most convenient authentication method, since most people carry one throughout the day, there are other options. Other methods include using a desk phone, a tablet (if available) with the Microsoft Authenticator app, or a hardware security key. If you have a unique case where none of these apply to you, please get in touch with the technology team to explore other options.

What are the authentication methods I can choose from?

You can choose between a cell phone text message or call, a desk phone, mobile app, or a hardware security key.

Can I choose more than one way to authenticate?

You can add multiple authentication options to your account. For example, you can add a cell phone, desk phone, and authenticator app. When signing in, these three options will appear for you.

Is there a cost associated with using my cell phone to receive text messages or call verifications?

Most phone carriers have switched customer plans to unlimited calls and data. If, however, your carrier still charges by usage, there are several options. You can connect the phone to the school’s WiFi network and enable WiFi Calling to avoid carrier charges. If this feature is unavailable on your device, consider using the Microsoft Authenticator app, which works with WiFi and offline.

If I use my personal phone or device, will West Allegheny have access to my number or device data?

Personal phone numbers and devices added to your account are not visible or accessible by the District.

How often will I need to verify my sign-in?

This will vary depending on your workflow. A verification will appear each time a new sign-in session is initiated. You will only be prompted once for applications on your computer such as Outlook, OneDrive, Word, etc. When using a web browser, a verification will last until all tabs have been closed. Clearing your browser history or restarting the device will reset your sign-in session. A common practice is to sign in at the beginning of the week and leave at least one browser window open to stay authenticated.

If you are being asked to authenticate multiple times a day, please get in touch with the helpdesk so we can work with you to reduce the number of prompts.

What if I do not have my phone with me, or it is not working?

Setting up an additional authentication method is a great way to ensure you can verify your sign-in. For example, if you use text message codes with your cell phone, consider adding your desk phone as an alternate option.

What if I do not have a cell signal when prompted?

If you do not have a cell signal in your room, you can connect the phone to the school’s WiFi network and enable WiFi Calling. If this feature is unavailable on your device, consider using the Microsoft Authenticator app. The app provides authentication both on WiFi and offline.

Can I use my desk phone for authentication?

Your desk phone can be used for verification calls, even if you do not have a direct dial number. Please consider adding a second authentication method if you intend to sign in outside the District.