Microsoft MFA hard token

Process for procuring and setting up a hard token for Microsoft MFA (Multi-Factor Authentication) in the West Lafayette tenant:

A. Slightly more complex method (Cheaper - approx $15)

1. Hard tokens can be ordered from the website below (suggest shipping directly to the end user if possible)
https://shop.ftsafe.us/products/c200-h27

Note: These tokens will need to be purchased by you personally or through your Business Office.

ECN can assist with the following steps, once the token is received.

2. The purchaser should receive two emails: one with the encrypted 'seed key' and one with a password to decrypt the key. These will both need to be provided to IT Infrastructure Services so they can enter the seed into the Purdue Azure instance (share the seed key via Purdue Filelocker) (Exact process: Email it@purdue.edu with an ATTN: Collaboration team)

3. Also send the serial number from the hard token to Collaboration (So three emails/pieces of information in all)

4. Once the token has been entered into Azure by Infrastructure Services, they will need a code from the token at the time it is activated.

B. Self-service, less cheap method (approx $60) being tested:

1. Send an email to it@purdue.edu ATTN: Collaboration indicating that you plan to use a YubiKey/FIDO2 token.
2. Buy a YubiKey or any similar FIDO2 token
3. Once you have your token as well as confirmation that this has been enabled, go here: https://mysignins.microsoft.com/security-info
You’ll find a new option to add a security key. Then just follow the prompts.

Note: If you reached this place looking for instructions on using the smartphone app, check this link out, and contact us if you run into any trouble: https://techsupport.pharmacy.purdue.edu/kb/how-i-switch-my-office-account-use-microsoft-authenticator-instead-text-message