When the City of Windsor’s IT team proposed introducing multi-factor authentication, the first response was hesitation. It’s little wonder why; many organizations struggle with adoption of security tools as staff wrestle with inconsistencies in technical literacy and willingness to onboard new systems.
“Folks may not want to admit they don’t understand a tool, or they might misinterpret it as something that monitors their data – either way, their concerns are real and have a real effect on their ability to participate.” Says Chantelle, Manager of Technology Infrastructure for the City of Windsor.
“At first, some said things like ‘we may never get everyone on board’, but we simply responded, ‘Let’s just try’.”
Those challenges are what makes the City’s achievement so impressive. To date they’ve done more than implement MFA policies – they’ve achieved an organization-wide commitment to cybersecurity policy. The process began with the rollout of Microsoft’s Office 365 suite, where staff could optionally choose to use MFA. Invitations to participate went out via email, and more technical team members (many of which were already familiar with the tool) quickly took up the opportunity. These early adopters helped shape future onboarding efforts by showing what compliance looked like and helping to identify potential pitfalls.
“After the initial rollout, we felt confident enough to bring the bigger project to senior leadership,” Recalls Chantelle, “At first, some said things like ‘we may never get everyone on board’, but we simply responded, ‘Let’s just try’.”
Leadership’s initial reluctance stemmed from concerns about staff pushback. Thoughtful explanation of the “why” behind the project, along with a clear plan, was what eventually brought them on board. From there, enrollment was made mandatory – one department at a time. To achieve best success, each group needed to play their role: leadership providing clear expectations, managers co-ordinating their teams, union representatives supporting communication, and most importantly active listening from IT.
Listening looked like making time to connect with managers, union leaders and individual staff to identify concerns and act. This included training sessions for groups, setting up Q&A tables in breakrooms, and one-on-one discussions to keep the conversation flowing. In addition to listening, thoughtful care was put into creating effective training materials like videos, step by step guides, and more. Responding to each person, team, and department’s unique needs helped break down challenges and navigate around barriers.
Chantelle stands with other members of the City of Windsor’s team at the 2025 Municipal Information Systems Association Conference
Lastly, compliance means making a commitment to process and policy that transcends barriers.
“There were some edge cases who wouldn’t comply in the end, and for them that looked like no longer having access to the network,” said Chantelle. “These folks were not everyday computer users, and we were able to transition them off the network.
IT is often most comfortable ‘following the waterfall’ and taking the path of least resistance. Sometimes that’s because of pushback from teams or lack of buy-in from leadership; but taking a more creative approach and tackling obstacles as they come can be just the flexible solution needed to achieve success.
Chantelle offers the following advice for those looking to use a similar approach in their organizations:
- Take things head on; don’t let theoretical boundaries get in your way
- Define what success looks like for your team and find creative solutions for edge cases
- Be willing to listen and educate – people appreciate your patience
- Focus on explaining the “why” in a way that’s relevant and impactful for the audience you’re trying to reach (real world examples go a long way)
For the City, MFA is far from the last security challenge they’ll take on. As municipalities continue to be some of the organizations most at-risk for cyber attacks, they continue to push boundaries and be future forward in their approach to preventing breaches. Chantelle feels confident that the journey to compliance has laid the groundwork for future success.
“We’re not just getting it done – building long-term trust across departments. That sense of collaboration is the real success of this project.”
