This information explains some reasons MFA may be triggered on your account.
Service Authentications
More and more services are requiring MFA to ensure you are you. UCCS requires MFA to access the following services:
- MyUCCS Portal - Given multiple applications within the portal require MFA, UCCS OIT has opted to use MFA to login to the portal so that all apps meet security requirements placed on us by service providers.
- Nelnet - tuition and fee billing system
- Student Support Network - faculty alert and kudos system for students to help students succeed in the pursuit of their degree
Risky Sign-in's
We are using Risky Sign-ins as the trigger for MFA.
What are Risky Sign-in's?
Microsoft collects our sign in data and runs algorithms against it to determine normal and abnormal behavior. That, "abnormal behavior" is what triggers a Risky Sign-in.
Risk Event Type | Risk Level | Additional Explination |
|---|---|---|
| Sign-ins from anonymous IP addresses | Medium | You're using Tor browser, anonymous nodes/VPN's. This would be triggered as an anonymous IP address. |
| Impossible travel to atypical locations | Medium | You're in Colorado Springs at 2:20pm and Mumbai at 2:22pm. This is would be triggered as impossible travel. |
| Sign-ins from unfamiliar locations | Medium | You're always in Colorado Springs, now you're in England? This would be triggered as an unfamiliar location. |
| Sign-ins from infected devices | Low | Your credentials were used on a network that is hosting malware. This would be triggered as an infected device. |
| Sign-ins from IP addresses with suspicious activity | Medium | Microsoft has seen this IP doing shady stuff and now you are signing in with that IP address. This would be triggered as suspicious activity. |