Microsoft MFA (How To) Enroll Authenticator App From a Sign In Prompt
This article will provide instructions on how to enroll your UWM account in multi-factor authentication with Microsoft MFA using the Microsoft Authenticator App from a sign in prompt.
As of February 21, 2023, the Microsoft Authenticator App has been updated to include number matching and location mapping for the Push Notification authentication methods.
When you log into Microsoft 365 or any UWM service (PAWS, Canvas, etc.) you will be prompted to verify your account and confirm your identity (e.g. register Authenticator app or phone number, enter an alternate email, or create security questions).
This update will enable you to reset your UWM account password anywhere and anytime without the need to contact our Help Desk services. This can be done when you have forgotten your password, your password has expired, or you want to change your current password.
For additional information on this change, please visit our Digital Identity page at the following link: UWM Digital Identity Page.
Enrollment from an MFA Prompt
Begin by installing the Microsoft Authenticator App on the Android or iOS device you wish to use.
If you are viewing this article on a computer, you can securely install the Microsoft Authenticator App by using your Android or iOS device to scan the respective QR codes directly from Microsoft's website.
1. Sign in with your UWM email address and password.
2. You will be notified that more information is required. Click Next.
3. On the next page, you will be prompted to keep your account secure, and will see a prompt to get the Microsoft Authenticator app. Click Next.
4. Read the instructions on screen. This is important because due to frequent Microsoft updates, images may vary by user, account, and device. Click Next.
5. Open the Microsoft Authenticator app on your mobile device and tap the Add account button in the top right corner of your app screen.
6. From the options, tap to select Work or school account, and then select Scan QR Code. Do not select sign-in, as multiple issues have been reported using that method.
7. Follow the prompt on your mobile device to scan the QR code or Add account Manually. If you are prompted to allow the Microsoft Authenticator app to access your camera, tap Allow.
Note: If you cannot scan the QR Code, click "Can't scan image?" under the QR code in the prompt. Follow the prompts within the Authenticator app to add your account and then you can move on to the next step.
8. Click Next. The system will run a test. On your screen you will see a number, and on your mobile device you will receive a push notification. When you open the push notification, you will see the location map of the IP address where you are attempting to sign in, and a prompt with a text box and number pad to match the number on screen. Enter the number from the sign-in prompt on screen, and tap Yes to approve the sign in.
Note: If the location map presented in the prompt does not match your physical location, this could be for reasons such as IP Address location, VPN use, and cell phone tower location. If you receive a prompt that you did not initiate, do not approve the prompt.
9. Now you will see your UWM account listed in your Microsoft Authenticator App.
10. After you receive the Notification approved message, click Next.
11. You will be prompted to set up a backup method. By default, you are asked to enter a phone number. Note: Because Teams is Microsoft authentication dependent, you *MUST NOT* submit a Teams phone as a verification method. For a list of authentication methods and further instructions on how to set up each method, please review our Authentication Methods KnowledgeBase article. Here you can learn more about your options, and find instructions on how to set up each method.
For more information about the Microsoft MFA sign in prompt please see Microsoft's article, Set up your Security info from a sign-in prompt.
For further UWM-specific information regarding MFA, please access: UWM Digital Identity Page