August 21, 2025 14:00 - New Risk-Based MFA Prompts Begin Tuesday, August 26, 2025 View

To strengthen Queen's account security and prevent unauthorized access, a new Multi-Factor Authentication (MFA) policy will be implemented for all Microsoft-integrated applications (Queen's Single Sign-on / M365 apps) beginning Tuesday, August 26, 2025.

This policy applies to ALL Microsoft-integrated applications (Queen's Single Sign-On / Microsoft 365 apps) and introduces additional MFA checks in specific scenarios.

What's Changing

1. MFA Prompt for High-Risk Sign-ins

• If a sign-in attempt appears unusual (e.g., from an unfamiliar or geographically distant location), the user will be asked to re-confirm their identity with MFA.
• This includes "impossible travel" scenarios, where a login attempt is made from a location that is not possible based on the user's recent activity.
• Helps block session token theft and other malicious activity.
• Applies to all MFA-enabled accounts and all Microsoft/Entra-integrated applications.

2. MFA Prompt on MFA Registration

• When MFA settings are updated (e.g., adding a new phone number or authentication method), the user will be prompted to complete an MFA challenge.
• Prevents unauthorized users from adding their own MFA methods to a compromised account.
• Only applies to accounts already enrolled in MFA

Why This Matters These MFA improvements add stronger protection against account compromise, helping ensure that only the rightful account holder can sign in or update authentication settings.

What You Need to Do No action is required unless you encounter one of the new MFA prompts. Simply follow the on-screen instructions to verify your identity. If you experience issues, contact the IT Support Centre for assistance.

In Summary These updates strengthen Queen's overall security posture while keeping the sign-in experience simple for legitimate users. Thank you for your attention and for doing your part to help keep our community secure.