About multi-factor authentication

MFA is mandatory at the University of Manitoba for all faculty, staff, and students.

Multi-factor authentication or MFA adds an extra layer of security to our university accounts to protect you, your data, and university systems from unauthorized access and phishing attacks.

Verifying your identity using a second factor such as your phone or mobile device prevents others from accessing your accounts, even if they know your password. 

How it works: MFA works by requiring both of the following verification methods to access your account:

  • Something you know (your UM username and password)
  • Something you have (a trusted device – your mobile phone)

MFA-protected services

The range of MFA-protected services is continually expanding. The services that are currently protected with multi-factor authentication include:

Remember to keep your software up-to-date by installing the latest security patches and updates.  

Getting started

Setting up  multi-factor authentication with Microsoft Entra is easy and only takes a few minutes. Once in place, it takes only seconds to verify yourself when logging in each time!

Visit Set up MFA for detailed instructions on setting up Entra MFA. 

How to sign in using MFA

Microsoft Entra MFA

Authenticator app with number matching - Recommended

  1.  Log in with your username and password.
  2. Your computer shows a two-digit number, and a notification is sent to your phone.
  3. Open the authenticator app, enter the number on your computer screen and select Yes.

Authenticator app with a one-time passcode

If you are unable to connect to a mobile network on your phone, you can use a one-time passcode in the Microsoft Authenticator app to authenticate. Accessing the one-time passcode does not require your phone to be connected to a network. 

  1. Log in with your UM email address and password.
  2. If prompted to authenticate, select I can’t use my Microsoft Authenticator app right now.
  3. On the Verify your identity screen, choose Use a verification code.
  4. Open your Authenticator App and select your UM account. You will see a six-digit, One-Time password code.
  5. Enter the code from your app to verify your identity.

Phone SMS

  1. Log in with your username and password.
  2. Receive a passcode via text message (SMS) to authenticate.
  3. Enter the 6-digit code to log in.

Phone call

  1. Log in with your username and password.
  2. Receive a phone call to authenticate.
  3. Answer and then press the # key to log in.

Please note: The Phone SMS and Phone call sign in methods are only available if you have previously setup these methods of authentication.  

Other options

Please contact the IST Service Desk for an alternative solution.

When you will be prompted for MFA

You will be prompted to use Microsoft Entra multi-factor authentication (MFA) whenever you have to log in to an MFA-protected service such as UM Zoom, UM Intranet, the virtual private network (VPN), your UM Microsoft 365 applications and others.

You will be prompted for a second factor to log in to the university's MFA-protected services on every device at least once. Duo or Microsoft Entra will prompt you when logging in to a protected service both on and off campus.

On your desktop

You will be prompted:

  • The first time you open a Microsoft 365 application, UM Intranet or UM Zoom.
  • The first time logging in after changing your UMNetID password.
  • When signing in to the virtual private network (VPN). Note: After you are enrolled in Microsoft Entra MFA, you must use the "uofm-vpn" connection in the Ivanti Secure Access Client to sign in to the VPN.

In your browser

You may be prompted:

  • When opening a Microsoft 365 Online tool, UM Intranet site or UM Zoom in a new or private browser window. 

On your mobile device

You will be prompted:

  • The first time you open a Microsoft 365 application, UM Intranet site or UM Zoom.
  • When using the mobile browser to open a Microsoft 365 tool.
  • The first time logging in after changing your UMNetID password.
  • When using a mail app that is not Outlook.
  • When you start using a new device.

FAQs Microsoft Entra MFA


Is Entra MFA accessible for people with disabilities?

If you have questions or concerns about accessibility or need accommodation, please contact the IST Service Desk at 204-474-8600.

I can't use the mobile app. Are there other authentication options?

Yes. Other authentication options include:

Text message
  • You can choose to receive a passcode via text message to your mobile phone. This would require a texting plan on your device.
Phone call to a number
  • You also have the choice of using a landline to authenticate.  However, keep in mind that you would have to change your authentication number if you are away from your landline.  Using your work phone requires being on campus, setting up call forwarding or using a softphone application like Jabber.
Other options



What is number matching?

Entra MFA offers number matching as part of its verification process. Compared to other methods, this feature significantly enhances security. Here's how it works: when a user tries to log in, Entra MFA sends a notification to their registered device displaying a two-digit number. Simultaneously, the user also sees a notification on their login screen, where they are presented with an array of numbers from which they can select the matching two-digit number.

This method is more secure because it requires the user to actively participate in the verification process, thereby helping to guard against fraudulent sign-in attempts. It's not enough for a malicious actor to gain access to your device; they would also need to be able to see your screen at the exact moment you're logging in to know the correct two-digit number to pick.

Why use number matching?

Entra MFA uses number matching in place of the “Yes” and “No” buttons in MS Authenticator due to new industry best practice guidance and the rise of MFA fatigue cyberattacks.

A fatigue cyberattack is used when a threat actor has your username and password. The threat actor generates repeated MFA prompts and hopes you will hit “Yes” to make it stop. If you experience an MFA fatigue attack, please select “No, it’s not me” to protect your account.

All vendors, including Duo, are moving to number matching because of this issue.

Is there an Apple Watch app?

Unfortunately, there is no watch app currently supported by Microsoft.

What are the requirements to use the Mobile App?

Please visit the App Store for your device for the most up-to-date information. Direct links to the app are available on Microsoft’s website.

Currently, the App is supported by Microsoft on:

  • Android 8 and above
  • iPhone/iPad OS 15.0 and above

What buttons are used for telephone calls?

Microsoft’s Entra MFA uses # to verify that you are logging in to a protected service, and 0 to report the authentication attempt as fraudulent if you are not attempting to log in or access a protected service.

Please note that this is reversed from what Duo MFA used.

Can I reuse my Duo MFA Hardware Token (Fob)

No, unfortunately, you cannot. For the best user experience, we recommend using the Microsoft Authenticator app as your default with a phone call as an alternative method. If you need a hardware token, please contact the IST Service Desk

Can I have Entra MFA setup on multiple devices?

You can configure:

  • Up to 5 Authenticator Apps
  • Up to 3 telephone numbers (phone, office, alternate phone)

What type of authentication methods can I use?

You can configure authenticator apps, phone numbers, and hardware tokens (contact the IST Service Desk ) as methods.

Will I be charged for the phone calls and text messages that are used for authentication?

You may be charged for the phone calls or text messages you receive depending on your phone or mobile device plan. 

Contact us

Call or chat
Monday to Friday, 8 a.m. to 8 p.m.
Call 204-474-8600 or Chat now
To report a critical system outage after hours or on weekends and holidays, call 204-474-8600 and press 2.

IST Service Desk walk-in service
123 Fletcher Argue
University of Manitoba, Fort Garry
Hours: Monday to Friday, 8 a.m. to 6 p.m.
Join the queue: Fort Garry WaitWell or text your name to 431-631-0844

230 Neil John Maclean Library
University of Manitoba, Bannatyne
Hours: Monday to Friday, 8 a.m. to 4:30 p.m.
Join the queue: Bannatyne WaitWell or text your name to 431-631-6555