Set up MFA

Setting up Entra MFA

The university recommends using the free Microsoft Authenticator app to receive notifications on your smartphone or tablet to verify your identity when prompted for multi-factor authentication.

You will need a computer and a mobile device to set up Entra MFA. 

If you currently use or require a hardware token to authenticate, please contact the IST Service Desk. 

Step 1. Download and install the Microsoft Authenticator app

Visit the Apple App store or Google Play store on your device and install the Microsoft Authenticator app. Alternatively, visit aka.ms/authapp and download the Microsoft Authenticator app.

There are many authenticator apps out there. Make sure you are using the right one by visiting one of the links above or searching for "Microsoft Authenticator" in your app store.

Microsoft Authenticator in Apple App store

Step 2. Setup MFA

• Follow these detailed instructions for setting up and testing your multi-factor authentication https://ithelp.umanitoba.ca/a/1762543-set-up-mfa 

Step 3. Change your default sign-in to the Authenticator app

To ensure that you are prompted to sign in using push notifications:

1. Visit https://mysignins.microsoft.com/security-info. 
2. Is Microsoft Authenticator listed as your Default sign-in method?
   • No - Proceed with step 3. 
   • Yes - Congratulations, you are all set up! 
3. Select Default sign-in method > Change.
4. Choose the App based authentication – notification option.

Congratulations! You are now set up with the Microsoft Authenticator app and can receive push notifications for multi-factor authentication verification.

Step 4. Add an alternate authentication method

Set an alternate authentication method if you forget or lose your mobile device.

IST highly recommends using the free Microsoft Authenticator app as your primary authentication method. 

1. Visit https://mysignins.microsoft.com/security-info.
2. Select Add a method 
   1. Phone (Alternate phone or Office phone)
   2. Security Key (If you require a security key due to accessibility issues, please contact the IST Service desk)
3. Enter a phone number. 
4. Choose Text a code or Call me and select Next. Microsoft will send a verification code to the phone number you added. 
5. Enter the verification code on your screen and select Next.
6. Select Done. 

For the Alternate phone and Office phone methods, the only option is "Call me."

Request assistance with setting up MFA

Create an IT ticket to request assistance with setting up MFA.

Request assistance

Report a problem with MFA

Create an IT ticket to report a problem with MFA. Someone from the IST Service Desk will contact you to ask for more information and assist you.

Report a problem with MFA

What to do when you receive an unexpected authentication request?

When you receive an unexpected authentication request, never approve it if you have not been attempting to log in to a UM service or resource. Multi-factor authentication (MFA) requests are sent by push notification, text message or phone call when you try to log in to a university service. 

MFA works as another layer of security. If scammers get a hold of your login information through either a phishing email or a security breach, they will try to access your account by triggering a push using your credentials, hoping you will approve it. Once you have approved a fraudulent push, you will not know when your account is being accessed.

What you can do:

If you receive an unexpected Microsoft Authenticator request:

1. Assume that someone is trying to illegally access your account: 
2. First, choose “No, it’s not me” in the Authenticator app to block the request. 
3. Change your password in signUM immediately.  
4. Call the IST Service Desk at 204-474-8600 and report the attempt!

Never approve an authentication request from an unexpected phone call or text message. 

If you accidentally approve an unexpected Duo authentication request, report it to the IST Service Desk (204-474-8600) as soon as possible. The Information Security and Compliance team will work with you to secure your account and investigate the activity.

If your phone is prompting you to enter your passcode to open the Microsoft Authenticator app, you can disable App Lock. 

App Lock is added as an extra security feature so that another person can't accept an authentication request for you if your phone is unlocked. This is optional, and you can turn it off. 

If anyone else uses your phone or device, we strongly suggest leaving this feature on.

If your phone is locked, you will still need to enter your phone's passcode to unlock it, depending on your phone's settings. Disabling App Lock prevents you from needing to enter your passcode twice (once to unlock your phone, and again to open the app).

1. Open the Microsoft Authenticator app.
2. In the top left corner, select the three horizontal lines (hamburger menu).
3. Select Settings.
4. In the Security section, toggle App Lock to off. Now you can open the Microsoft Authenticator app without entering your phone's passcode.

Delete your UM Account in the Authenticator app and set it up again using the setup instructions.

If you have registered the Microsoft Authenticator App but are not able to configure it as the default sign-in method, the Authenticator app may not have been registered to your account properly. We recommend the following steps to try to resolve this.

1. Delete the Microsoft Authenticator from your account.
   • Login to your Microsoft profile https://aka.ms/mysecurityinfo using your UM email address and password.
   • Select Delete beside Microsoft Authenticator.
2. Remove your account from the Microsoft Authenticator App on your mobile device.
   • Open the Microsoft Authenticator App on your device.
   • Select your University of Manitoba account.
   • Select Settings.
   • Select on Remove Account.
3. Restart your mobile device and follow setup instructions again. 

Please contact the IST Service Desk for help with this process, or if you continue to experience this problem.

Please use the umanitoba-mfa connection in the Ivanti Secure Access Client to access the virtual private network (VPN). If you do not see this connection listed in your installation of Ivanti Secure Access Client, visit VPN support for setup and configuration instructions or contact the IST Service Desk.

1. Login to your Microsoft profile https://aka.ms/mysecurityinfo using your UM email address and password.
2. On your Security info page, next to Default sign-in method: select Change.
3. Choose the method you wish to use as the default and select Confirm.

1. Login to your Microsoft profile https://aka.ms/mysecurityinfo using your UM email address and password. You will need to complete an authentication using an existing MFA method. If you cannot complete an MFA authentication, please contact the IST Service Desk for help.
2. In the authentication methods list, select Delete.
3. Select OK to confirm the deletion. 

Try disabling the App Lock feature Microsoft Authenticator if you have issues with time running out when trying to log in. You must accept the prompt within 30 seconds, so disabling App Lock, which requires you to log in to the app every time you open it, will speed up the process. 

Follow the instructions below if you can add/remove an account in MS Outlook. Otherwise, please contact the IST Service Desk for support.  

1. Restart your computer.
2. Remove your account from Outlook. 
3. Close Outlook down (confirm via task manager).
4. Wait for a while. 
5. Re-add your account.

Your token is powered by a battery and is, therefore, considered electronic waste (e-waste). Please return the token to the IST Service Desk or take it to an e-waste facility.

To avoid issues, consider adding more authentication methods to your account.