You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
close
You are viewing the article in preview mode. It is not live at the moment.
Home > IT in a Classroom > M365 / Office365 > SIS – MFA & Conditional Access FAQs
SIS – MFA & Conditional Access FAQs
print icon
Bernhard Rieber
Feb 26, 2026
views icon 441

Quick, clear answers about MFA for Microsoft M365 on school devices vs. private devices.

Key point: On SIS campuses, SIS-managed devices and BYOD devices are trusted = no MFA.
MFA is mainly required when accessing SIS services on private/unmanaged devices outside school.
Links:
--> MFA – General Information
--> How to Set Up the Authenticator (Please be prepared and set up the authenticator in advance)
 

Index

FAQ 1: Why is Multi-Factor Authentication (MFA) being introduced?

Digital platforms are essential at SIS and process sensitive data such as personal information, academic records, and internal communication.

On private or unmanaged devices, a username and password alone are no longer sufficiently secure. Passwords can be stolen through phishing, malware, or data leaks.

MFA adds an extra layer of protection by requiring a second verification step. Even if a password is stolen, unauthorized access is prevented.

Back to top

FAQ 2: I use a private device but do not want to install an Authenticator app on my personal smartphone. What options do I have?

We understand that not everyone can or wants to use a smartphone.

If you or your children:

  • do not own a smartphone, or
  • are not allowed to use a smartphone at home, and
  • do not use a school-managed device at home,

we recommend installingf the PROTON APP on your private device:
--> How to install the PROTON APP 

Back to top

FAQ 3: Which devices require MFA, and which do not?

At school (on SIS campuses):

  • School-managed devices and BYOD (private devices) are trusted on SIS campuses.
  • No MFA is required.
  • At school as well, if a BYOD device is classified as risky, MFA is automatically enforced on that non-SIS-managed device.
  • On SIS school-managed devices — and on most BYOD devices — login works as usual with username and password.

At home / outside school:

  • On a school-managed SIS device: No change. No MFA required.
  • On a private/unmanaged device: MFA is required as an additional security measure.

  • Accessing OneDrive on phones or home computers when you are signed in

  • Using SIS email accounts (e.g. xxx@sis-site.ch/de/...) on private smartphones or home devices

  • How often you have to authenticate via the Authenticator depends on the device (e.g. every 12 hours / once per day).
     

--> The Authenticator app is the standard MFA method.

Authenticator setup guide: How to install the Authenticator

This ensures secure access to SIS Microsoft 365 services outside the protected school network.

Back to top

FAQ 4: Can students and teachers enable MFA using the Authenticator app, even on SIS-managed devices?

No.

SIS GROUP IT fully trusts its school-managed devices. These devices are protected and controlled through Conditional Access policies.

It is not possible to manually or independently enable MFA on SIS-managed devices. These settings are centrally managed and cannot be overridden by individual users.

Back to top

FAQ 5: Our kids are not allowed to use smartphones at school. How can they still access M365?

This is not a problem.

  • Students can log in to school-managed devices and private (BYOD) devices at school without MFA.
  • No smartphone is required for MFA @ school.
  • School rules regarding smartphone use remain unchanged.

MFA mainly applies when accessing SIS services on private/unmanaged devices, for example at home.

If a student does not have a smartphone or is not allowed to use one:

Alternative: You can also install an alternative authenticator app on your private device and use the app-generated token for MFA 
Please note: With this method, MFA is tied to the specific private device where the app is installed—however, you don’t need a smartphone, because the authenticator app runs directly on the laptop and generates the MFA token.
Interested? Follow the installation guide here:  --> How to install the PROTON APP 

Back to top

FAQ 6: What happens if a user account is hacked?

If an account is suspected to be hacked:

  • SIS GROUP IT will reset the password, and
  • MFA will be activated immediately.

This protects the affected account and helps secure the entire SIS IT infrastructure.

Please contact your local school site IT Support in these cases.

Back to top

FAQ 7: What should I do now?

At this stage, MFA is being prepared and gradually introduced.

We recommend that you:

  • install the Authenticator app and add your SIS account in advance (to be prepared), if no Smartphone available...
  • Follow the installation guide an set up PROTON APP on you privat device 

This will ensure a smooth transition once Conditional Access is fully implemented.

Back to top

© SIS GROUP IT — For support, please contact your local school IT support.

 

Feedback
0 out of 0 found this helpful

close button
scroll to top icon