Microsoft MFA – Authentication Methods
This article provides information on the various authentication methods users can choose from for use with Microsoft MFA.
Beginning November 15, 2021, All UWM accounts will be switching over to a new Digital Identity Experience that will utilize the security and multi-factor authentication tools in Microsoft 365.
Microsoft MFA offers a variety of ways for users to authenticate including text message, phone call, or the Microsoft Authenticator App’s push notification or code entry. The following is a description of the various authentication methods that users can choose from. Users must choose one of the methods below as their primary authentication method, and depending on which methods you choose one or more backup methods.
Microsoft Authenticator App – Push Notification Requires the device to have a screen lock
This method offers convenience to users. Simply approve the notification that is sent to your phone when logging into your account, and you’re in. When a notification is sent via the Microsoft Authenticator app, the user is required to authenticate with biometrics or a passcode. How the user verifies their identity is dependent on how the user has the screen lock set up on their device. The following image shows the Microsoft Authenticator App Push Notification on an iOS device. If you are viewing this article on a computer, you can securely install the Microsoft Authenticator App by using your Android or iOS device to scan the respective QR codes directly from Microsoft’s website. If you are viewing this article on your mobile device, you can click the link to securely install it for Android from the Google Play Store, or for iOS from the App Store.
Microsoft Authenticator App – Code Entry Does not require an internet connection for use, therefore it is recommended for international users. Requires the device to have a screen lock
This method puts authentication in the users’ hands. After entering your password, you will be prompted to enter a 6-digit one-time password code for authentication. Codes are refreshed every 30 seconds in the app. The following image shows the Microsoft Authenticator 6-digit one-time password code on an iOS device. If you are viewing this article on a computer, you can securely install the Microsoft Authenticator App by using your Android or iOS device to scan the respective QR codes directly from Microsoft’s website. If you are viewing this article on your mobile device, you can click the link to securely install it for Android from the Google Play Store, or for iOS from the App Store.
Phone Call Do not use your Teams phone number because it is tied to your Microsoft account, and if you are logged out of Teams you can’t access this phone to answer and approve the call. Calling, messaging, and data rates apply.
This method allows users to answer a phone call and validate their identity by using the keypad on their phone. Because this method relies on audio, we do not have an image to share.
Text Message Calling, messaging, and data rates apply.
This method sends a text message with an authentication code. The user then enters this code into the authentication field on the device where they are logging in.
Hardware Tokens Hardware tokens that were distributed with Duo are not compatible with Microsoft MFA.
Limited quantities of hardware tokens (Fobs) are available in the UWM Tech Store.
For a range of compelling reasons, UWM faculty and staff members are discouraged from requesting hardware fobs/tokens, including: the possibility of loss/theft; environmental impact considerations; cost containment; and consistency with higher education “best practices.”
Even so, provision of fobs/tokens to UWM faculty and staff users will be done under the following circumstances:
1. To accommodate accessibility of a user
2. When a user lacks both a cell phone and a non-Teams landline
3. To support a user who works in a location without connectivity
4. When a user lacks a text plan on their cell phone
5. When a user’s cell phone plan assesses charges for individual text messages and/or call minutes
Self-Service Password Recovery
The options above are all methods for Microsoft MFA authentication, in addition to app, phone and hardware tokens, you can choose either Email or Security Questions as secondary options. Please note that you cannot use the Email and Security Questions options to authenticate with Microsoft MFA, however, you can use them for Self-Service Password Recovery if you have forgotten your password or if your password expires. More information about each option is below.
Email
Allows you to enter a non-UWM email address. When using this for Self-Service Password Recovery, a code will be emailed to your alternate email. Entering the code correctly will allow you to perform Self-Service Password Recovery.
Security Questions
Choose and answer 3 security questions from a list of 20 choices. To use this with Self-Service Password Recovery, you must correctly answer all three security questions.
Choose and answer 3 security questions from a list of 20 choices. To use this with Self-Service Password Recovery, you must correctly answer all three security questions.