Microsoft MFA – Authentication Methods

This article provides information on the various authentication methods users can choose from for use with Microsoft MFA.

Multi-Factor Authentication > Azure AD Multi-Factor Authentication > Azure MFA Incident


Beginning February 21, 2023, Microsoft Authenticator App will be updated to include number matching and location mapping for the Push Notification authentication method. 

Microsoft MFA offers a variety of ways for users to authenticate including text message, phone call, or the Microsoft Authenticator App's push notification or code entry. The following is a description of the various authentication methods that users can choose from. Users must choose one of the methods below as their primary authentication method, and depending on which methods you choose one or more backup methods. 

Microsoft Authenticator App Push Notification with number matching and location mapping. Requires the device to have a screen lock 

This method offers convenience to users. When a user attempts to sign in, they will have the following experience:  

  • When signing into a UWM service, a number will be displayed in the sign in prompt.  
  • The attempted sign in sends a push notification to the user’s registered mobile device.  
  • Upon opening the push notification, the app displays the location map of the IP address where the attempted sign in occurred, and a text box and number pad.  
  • The user enters number from the sign in prompt into the authenticator app and taps Yes.  
  • The user gains access to the UWM service by matching the correct number. 

Please Note: If the location map presented in the prompt does not match your physical location, this could be for reasons such as IP Address location, VPN use, and cell phone tower location. If you receive a prompt that you did not initiate, do not approve the prompt.  

The following image shows the Microsoft Authenticator App Push Notification with number matching and location mapping on an iOS device. If you are viewing this article on a computer, you can securely install the Microsoft Authenticator App by using your Android or iOS device to scan the respective QR codes directly from Microsoft's website. If you are viewing this article on your mobile device, you can click the link to securely install it for Android from the Google Play Store, or for iOS from the App Store

Microsoft Authenticator App Number MatchingMicrosoft Authenticator App Number Matching Location Mapping
 
 
Microsoft Authenticator App Code Entry Does not require an internet connection for use, therefore it is recommended for international users. Requires the device to have a screen lock
 
This method puts authentication in the user's hands. After entering your password, you will be prompted to enter a 6-digit one-time password code for authentication. Codes are refreshed every 30 seconds in the app. The following image shows the Microsoft Authenticator 6-digit one-time password code on an iOS device. If you are viewing this article on a computer, you can securely install the Microsoft Authenticator App by using your Android or iOS device to scan the respective QR codes directly from Microsoft's website. If you are viewing this article on your mobile device, you can click the link to securely install it for Android from the Google Play Store, or for iOS from the App Store.
 
 
Microsoft MFA App One-time Password Code
 
Phone Call Do not use your Teams phone number because it is tied to your Microsoft account, and if you are logged out of Teams you cannot access this phone to answer and approve the call. Calling, messaging, and data rates apply.
 
This method allows users to answer a phone call and validate their identity by using the keypad on their phone. Because this method relies on audio, we do not have an image to share.
 
Text Message Calling, messaging, and data rates apply.
 
This method sends a text message with an authentication code. The user then enters this code into the authentication field on the device where they are logging in.
 
Text message code entry
 
Hardware Tokens Hardware tokens that were distributed with Duo are not compatible with Microsoft MFA. 
 
Limited quantities of hardware tokens (Fobs) are available in the UWM Tech Store.


Self-Service Password Recovery
 
The options above are all methods for Microsoft MFA authentication, in addition to app, phone and hardware tokens, you can choose either Email or Security Questions as secondary options. Please note that you cannot use the Email and Security Questions options to authenticate with Microsoft MFA, however, you can use them for Self-Service Password Recovery if you have forgotten your password or if your password expires. More information about each option is below.
 
Email
Allows you to enter a non-UWM email address. When using this for Self-Service Password Recovery, a code will be emailed to your alternate email. Entering the code correctly will allow you to perform Self-Service Password Recovery.
 
Security Questions
Choose and answer 3 security questions from a list of 20 choices. To use this with Self-Service Password Recovery, you must correctly answer all three security questions.
 



Keywords:Microsoft, MFA, Office, 365, M365, O365, Azure, password, passcode, enroll, enrollment, method, technology, fob, phone, mobile, android, iOS, student, faculty, staff, academic, authenticate, authentication, method, methods, choice, choose, SPPR, multi, factor, multi-factor, hardware, token, call, text, txt, message, data, rates, code, more, info, information, required, require,   Doc ID:67968
Owner:Help Desk K.Group:UW-Milwaukee Help Desk
Created:2016-10-24 08:05 CSTUpdated:2023-02-01 15:35 CST
Sites:UW-Milwaukee Help Desk
Feedback:  7   28