• icon audience

    Available to

    Staff, faculty, students

  • icon money


    No cost

  • icon steps


    Microsoft A3 license, a mobile device or authentication method, Ivanti Secure Access Client

Getting started

Set up Entra MFA

Setting up Entra MFA

The university recommends using the free Microsoft Authenticator app to receive notifications on your smartphone or tablet to verify your identity when prompted for multi-factor authentication.

You will need a computer and a mobile device to set up Entra MFA. 

If you currently use or require a hardware token to authenticate, please contact the IST Service Desk

Step 1. Download and install the Microsoft Authenticator app

Visit the Apple App store or Google Play store on your device and install the Microsoft Authenticator app. Alternatively, visit aka.ms/authapp and download the Microsoft Authenticator app.

There are many authenticator apps out there. Make sure you are using the right one by visiting one of the links above or searching for "Microsoft Authenticator" in your app store.

Screenshot of the microsoft authenticator selection in the apple app store
Microsoft Authenticator in Apple App store

Step 2. Setup MFA

Step 3. Change your default sign-in to the Authenticator app

To ensure that you are prompted to sign in using push notifications:

  1. Visit https://mysignins.microsoft.com/security-info
  2. Is Microsoft Authenticator listed as your Default sign-in method?
    • No - Proceed with step 3. 
    • Yes - Congratulations, you are all set up! 
  3. Select Default sign-in method > Change.
  4. Choose the App based authentication – notification option.

Congratulations! You are now set up with the Microsoft Authenticator app and can receive push notifications for multi-factor authentication verification.

Step 4. Add an alternate authentication method

Set an alternate authentication method if you forget or lose your mobile device.

IST highly recommends using the free Microsoft Authenticator app as your primary authentication method. 

  1. Visit https://mysignins.microsoft.com/security-info.
  2. Select Add a method
    1. Phone (Alternate phone or Office phone)
    2. Security Key (If you require a security key due to accessibility issues, please contact the IST Service desk)
  3. Enter a phone number. 
  4. Choose Text a code or Call me and select Next. Microsoft will send a verification code to the phone number you added. 
  5. Enter the verification code on your screen and select Next.
  6. Select Done

For the Alternate phone and Office phone methods, the only option is "Call me."

Request assistance with setting up MFA

Create an IT ticket to request assistance with setting up MFA.

Request assistance

Report a problem

Report a problem with MFA

Create an IT ticket to report a problem with MFA. Someone from the IST Service Desk will contact you to ask for more information and assist you.

Report a problem with MFA

Unexpected authentication requests

What to do when you receive an unexpected authentication request?

When you receive an unexpected authentication request, never approve it if you have not been attempting to log in to a UM service or resource. Multi-factor authentication (MFA) requests are sent by push notification, text message or phone call when you try to log in to a university service. 

MFA works as another layer of security. If scammers get a hold of your login information through either a phishing email or a security breach, they will try to access your account by triggering a push using your credentials, hoping you will approve it. Once you have approved a fraudulent push, you will not know when your account is being accessed.

What you can do:

If you receive an unexpected Microsoft Authenticator request:

  1. Assume that someone is trying to illegally access your account: 
  2. First, choose “No, it’s not me” in the Authenticator app to block the request. 
  3. Change your password in signUM immediately.  
  4. Call the IST Service Desk at 204-474-8600 and report the attempt!

Never approve an authentication request from an unexpected phone call or text message. 

If you accidentally approve an unexpected Duo authentication request, report it to the IST Service Desk (204-474-8600) as soon as possible. The Information Security and Compliance team will work with you to secure your account and investigate the activity.

Common issues

Find solutions to common issues with setting up multi-factor authentication here.

The Microsoft Authenticator app requires me to enter my passcode or use FaceID every time the app opens – even if my phone is already unlocked. How can I stop this behaviour?

If your phone is prompting you to enter your passcode to open the Microsoft Authenticator app, you can disable App Lock. 

App Lock is added as an extra security feature so that another person can't accept an authentication request for you if your phone is unlocked. This is optional, and you can turn it off. 

If anyone else uses your phone or device, we strongly suggest leaving this feature on.

If your phone is locked, you will still need to enter your phone's passcode to unlock it, depending on your phone's settings. Disabling App Lock prevents you from needing to enter your passcode twice (once to unlock your phone, and again to open the app).

  1. Open the Microsoft Authenticator app.
  2. In the top left corner, select the three horizontal lines (hamburger menu).
  3. Select Settings.
  4. In the Security section, toggle App Lock to off. Now you can open the Microsoft Authenticator app without entering your phone's passcode.

I already had the Microsoft Authenticator app installed on my phone, but I am not getting sign-in notifications.

Delete your UM Account in the Authenticator app and set it up again using the setup instructions.

I am not able to set Microsoft Authenticator as my default sign-in method.

If you have registered the Microsoft Authenticator App but are not able to configure it as the default sign-in method, the Authenticator app may not have been registered to your account properly. We recommend the following steps to try to resolve this.

  1. Delete the Microsoft Authenticator from your account.
    • Login to your Microsoft profile https://aka.ms/mysecurityinfo using your UM email address and password.
    • Select Delete beside Microsoft Authenticator.
  2. Remove your account from the Microsoft Authenticator App on your mobile device.
    • Open the Microsoft Authenticator App on your device.
    • Select your University of Manitoba account.
    • Select Settings.
    • Select on Remove Account.
  3. Restart your mobile device and follow setup instructions again. 

Please contact the IST Service Desk for help with this process, or if you continue to experience this problem.

I just enrolled in MFA, and I can't connect to the virtual private network (VPN).

Please use the umanitoba-mfa connection in the Ivanti Secure Access Client to access the virtual private network (VPN). If you do not see this connection listed in your installation of Ivanti Secure Access Client, visit VPN support for setup and configuration instructions or contact the IST Service Desk.

How do I change the default authentication method?

  1. Login to your Microsoft profile https://aka.ms/mysecurityinfo using your UM email address and password.
  2. On your Security info page, next to Default sign-in method: select Change.
  3. Choose the method you wish to use as the default and select Confirm.

How do remove authentication methods or devices?

  1. Login to your Microsoft profile https://aka.ms/mysecurityinfo using your UM email address and password. You will need to complete an authentication using an existing MFA method. If you cannot complete an MFA authentication, please contact the IST Service Desk for help.
  2. In the authentication methods list, select Delete.
  3. Select OK to confirm the deletion. 


My attempts to connect to the virtual private network (VPN) keep timing out. I must try multiple times to connect successfully.

Try disabling the App Lock feature Microsoft Authenticator if you have issues with time running out when trying to log in. You must accept the prompt within 30 seconds, so disabling App Lock, which requires you to log in to the app every time you open it, will speed up the process. 

Outlook asks me to reauthenticate on any folder change, attempt to compose an email or lack of activity for over five seconds.

Follow the instructions below if you can add/remove an account in MS Outlook. Otherwise, please contact the IST Service Desk for support.  

  1. Restart your computer.
  2. Remove your account from Outlook. 
  3. Close Outlook down (confirm via task manager).
  4. Wait for a while. 
  5. Re-add your account.

What do I do with my old Duo token?

Your token is powered by a battery and is, therefore, considered electronic waste (e-waste). Please return the token to the IST Service Desk or take it to an e-waste facility.

You may also be interested in

Contact us

Call or chat
Monday to Friday, 8 a.m. to 8 p.m.
Call 204-474-8600 or Chat now
To report a critical system outage after hours or on weekends and holidays, call 204-474-8600 and press 2.

IST Service Desk walk-in service
123 Fletcher Argue
University of Manitoba, Fort Garry
Hours: Monday to Friday, 8 a.m. to 6 p.m.
Join the queue: Fort Garry WaitWell or text your name to 431-631-0844

230 Neil John Maclean Library
University of Manitoba, Bannatyne
Hours: Monday to Friday, 8 a.m. to 4:30 p.m.
Join the queue: Bannatyne WaitWell or text your name to 431-631-6555