UM multi-factor authentication

The range of MFA-protected services is continually expanding. The services that are currently protected with multi-factor authentication include:

• Campus virtual private network (VPN)
• Clockwork
• Concur
• EPIC
• LibCal (Library calendar - Booking tool for booking time with a librarian)
• Lib staffer
• Lumens
• Mailman (Admin)
• Microsoft 365 applications (Teams, OneDrive, Word, Excel, PowerPoint, Forms, Bookings etc.)
• SimCapture (RFHS)
• UM Intranet
• UM Zoom

Remember to keep your software up-to-date by installing the latest security patches and updates.  

If you have questions or concerns about accessibility or need accommodation, please contact the IST Service Desk at 204-474-8600.
 

Yes. Other authentication options include:

Text message

• You can choose to receive a passcode via text message to your mobile phone. This would require a texting plan on your device.

Phone call to a number

• You also have the choice of using a landline to authenticate.  However, keep in mind that you would have to change your authentication number if you are away from your landline.  Using your work phone requires being on campus, setting up call forwarding or using a softphone application like Jabber.

Other options

• Please contact the IST Service Desk.

Entra MFA offers number matching as part of its verification process. Compared to other methods, this feature significantly enhances security. Here's how it works: when a user tries to log in, Entra MFA sends a notification to their registered device displaying a two-digit number. Simultaneously, the user also sees a notification on their login screen, where they are presented with an array of numbers from which they can select the matching two-digit number.

This method is more secure because it requires the user to actively participate in the verification process, thereby helping to guard against fraudulent sign-in attempts. It's not enough for a malicious actor to gain access to your device; they would also need to be able to see your screen at the exact moment you're logging in to know the correct two-digit number to pick.

Entra MFA uses number matching in place of the “Yes” and “No” buttons in MS Authenticator due to new industry best practice guidance and the rise of MFA fatigue cyberattacks.

A fatigue cyberattack is used when a threat actor has your username and password. The threat actor generates repeated MFA prompts and hopes you will hit “Yes” to make it stop. If you experience an MFA fatigue attack, please select “No, it’s not me” to protect your account.

All vendors, including Duo, are moving to number matching because of this issue.

Unfortunately, there is no watch app currently supported by Microsoft.

Please visit the App Store for your device for the most up-to-date information. Direct links to the app are available on Microsoft’s website.

Currently, the App is supported by Microsoft on:

• Android 8 and above
• iPhone/iPad OS 15.0 and above

Microsoft’s Entra MFA uses # to verify that you are logging in to a protected service, and 0 to report the authentication attempt as fraudulent if you are not attempting to log in or access a protected service.

Please note that this is reversed from what Duo MFA used.

No, unfortunately, you cannot. For the best user experience, we recommend using the Microsoft Authenticator app as your default with a phone call as an alternative method. If you need a hardware token, please contact the IST Service Desk. 
 

You can configure:

• Up to 5 Authenticator Apps
• Up to 3 telephone numbers (phone, office, alternate phone)

You can configure authenticator apps, phone numbers, and hardware tokens (contact the IST Service Desk ) as methods.

You may be charged for the phone calls or text messages you receive depending on your phone or mobile device plan.