Get More Info

Microsoft Outlook Multi-Factor Authentication

Dear Faculty and Staff,

In recent months, there has been a surge in the number of external malicious parties attempting to gain unauthorized access to Mercy employee email (@mercy.edu) accounts. If one of these external parties is potentially successful in gaining access to your College email account, there are multitudes of risks where these parties can:

  • Gain access to College, student, employee, or other sensitive and/or confidential information
  • Pretend to be you and send emails from your account attempting to perform financial operations in your name
  • Use your email account to reset passwords to other systems and when the link to reset the password is received in your email account, they simply click the link and now have access to the additional system(s) or website(s)

To combat the above-mentioned risks and hopefully prevent this unauthorized access, the Office of Information Technology Services will be enabling Multi-Factor Authentication (MFA) in a phased approach for all Microsoft Outlook accounts over the coming months.

MFA is an extra layer of security that will require you to enter a code from your phone in addition to your password every time you access your College email via a web browser at https://exchange.mercy.edu.

This code will also be required when you initially configure your Microsoft Outlook on your desktop or on your mobile phone. Once the code has been entered once during the initial configuration, it will no longer be required to access your email in Microsoft Outlook.

As we fully implement MFA authentication over the coming months, you will be receiving additional information from IT Services.

Please note that MFA will not be implemented for Google Gmail Accounts (@mercymavericks.edu).

If you have any questions or would like additional information, please contact the Help Desk at 914-674-7526 or see the FAQ’s below:

Frequently Asked Questions

  • Q: What is Multi-factor authentication (MFA) or 2 Factor Authentication (2FA)?
    A: MFA is an extra layer of security that will require you to enter a code from your phone in addition to your password every time you access your College email via a web browser at https://exchange.mercy.edu. First, you will enter your username and password. Then, instead of immediately gaining access, you will be required to provide a 6-digit code from your mobile phone. This code will also be required when you initially configure your Microsoft Outlook on your desktop or on your mobile phone. Once the code has been entered once during the initial configuration, it will no longer be required to access your email in Microsoft Outlook or your mobile phone.
  • Q: How do I configure Multi-factor authentication (MFA) for my email?
    A: In order to access your email account once MFA is turned on for your account, you will need your mobile phone handy. You can enable MFA on your mobile phone using SMS text messaging or by using the Microsoft Authenticator App. You will not need to configure MFA yourself and an IT Services Technician will contact you to assist with the setup and configuration process.
  • Q: When will I need to use MFA?
    A: MFA will be required every time you access your College email via a web browser at https://exchange.mercy.edu. This code will also be required when you initially configure your Microsoft Outlook on your desktop or on your mobile phone. Once the code has been entered once during the initial configuration, it will no longer be required to access your email in Microsoft Outlook or your mobile phone.
  • Q: Will I need to use MFA each time I login to access College Email via a web browser?
    A: Yes, to protect you and college data, MFA will be required every time you access your College email via a web browser at https://exchange.mercy.edu.
  • Q: Will I need to use MFA each time I use my Microsoft Outlook desktop client?
    A: MFA will be required when you initially configure your Microsoft Outlook on your desktop. Once the code has been entered once during the initial configuration, it will no longer be required to access your email in Microsoft Outlook except when you update your email password every 180 days.
  • Q: Will I need to use MFA each time I use my email on my mobile phone’s email application?
    A: MFA be required when you initially configure your email on your mobile phone. Once the code has been entered once during the initial configuration, it will no longer be required to access your email on your mobile phone except when you update your email password every 180 days.
  • Q: If I already have MFA enabled on my email account, do I need to take any action?
    A: Since you already have MFA authentication enabled, you do not need take any additional action.
  • Q: Do I need to take any action now?
    A: You do not need take any action at this time. An IT Services Technician will contact you to assist with the setup and configuration process.