What is Multi-Factor Authentication (MFA)?

Multi-Factor Authentication (MFA) combines two or more independent credentials or "factors" -- what you know (i.e. your password) with something you have (e.g. mobile phone) -- in order to create a second layer of security for your UWin Account. Even if someone has your password, they will be prevented from accessing your account when it is protected by MFA, unless they have access to your secondary authentication method.

Currently, MFA is enabled on all faculty, staff, and student accounts, and is being used with the following apps and services:

  • Office 365 and associated apps: Office 365 Portal, Microsoft Office, Outlook, OneDrive, and Teams
  • Brightspace (LMS)
  • UWinsite Student
  • UWinsite Finance
  • myUWinfo VIP Portal (Human Resources)

NOTE: the secondary authentication is required only when accessing MFA-protected services and apps from a non-trusted location. It is not be required when accessing MFA-protected services and apps:

  • on any computer in a trusted location (i.e. connected to campus wired or wireless networks)
  • on a computer connected to off campus network but using VPN connection

To report any MFA related issues, please submit your request for assistance by opening a ticket (select "Report MFA issue" in the Request Type field on the form).

Authentication Methods

You need to set up your authentication methods.

University of Windsor MFA users can pick any of the following secondary authentication methods as their second authentication "factors". We recommend enabling more than one in your profile so that in the event you are unable to proceed with your default secondary authentication method (as configured in your Microsoft work account profile), you can click on Sign in another way link and select a different method.

  1. Text message to your mobile phone containing the verification code
    You will be prompted to enter this code (i.e. second credential) when accessing MFA protected services and apps on non-trusted computers, right after entering their password.
     
  2. Microsoft Authenticator mobile app
    A push notification is sent to the Microsoft Authenticator app installed on your mobile device when accessing MFA protected services and apps on non-trusted computers. You will view the notification and select Approve to complete verification. If your phone is not connected to wi-fi or does not use mobile data, you will be prompted to enter verification code (i.e. second credential) when accessing MFA protected services and apps on non-trusted computers, right after entering their password. The Microsoft Authenticator app is available for iOS and Android platforms and can be downloaded from Apple and Google app stores.
     
  3. FIDO2 Key
    FIDO2 security keys are an unphishable standards-based passwordless authentication method that can come in any form factor, but is usually a USB, USB-C or NFC "key". Fast Identity Online (FIDO) is an open standard for passwordless authentication.  You will need to insert (in the case of USB) or tap (NFC) the key when prompted to authenticate. FICO2 Keys can be purchased through the University at Security Key | Information Technology Services (uwindsor.ca). Alternatively, for a list of vendors with known-compatible FIDO2 keys, see: Azure Active Directory passwordless sign-in - Microsoft Entra | Microsoft Learn.
     
  4. Call to phone number provided 
    An automated voice call is placed to the number that you listed in your profile when accessing MFA protected services and apps on non-trusted computers. You will answer the call and presses # on the phone keypad to approve the authentication. 
    Discontinued as of July 2023

For more details, please see Options for Second Factor of Authentication.

 

Signing in with MFA

Once you have configured your authentication methods and MFA was enabled on your UWin Account, the next time you log in to any MFA protected resources, you will be prompted for your login, password, and your MFA code or verification through the authenticator app. You will have the option to not ask again on that device for 30 days. Do not check that box if you are using a public computer (eg. library or computer lab workstation).

If you did not configure your authentication methods as part of extending or activating your UWin Account, you will need to go through MFA setup on your first access of an MFA-protected resource.

If you are unable to proceed with your default secondary authentication method (as configured in your Microsoft work account profile), you can cllick on Sign in another way link and select a different method.

Verfiy MFA Identity

 

 

 

 

 

 

 


 

 

Note for Office 365 Android Users:  Currently there are no supported mail apps for Android that support MFA - IT Services recommends installing the Outlook app from the Google Play store, which will give you improved functionality over the built-in mail/calendar app as well as the ability to use MFA. 

Note for Office 365 iPhone Users:  If you are using the built-in mail/calendar app on iOS 11 or above, it does support MFA, but you must remove and re-add the account in order for it to function.  Please see the instructions here on how to remove and re-add your account:  https://uwindsor.teamdynamix.com/TDClient/1975/Portal/KB/Edit?ID=9459  However for the best supported experience, IT Services recommends the Outlook app.

 

50% helpful - 2 reviews

Details

Article ID: 89145
Created
Fri 10/11/19 2:02 PM
Modified
Thu 9/7/23 11:13 AM

Related Articles (7)

Configuring Authentication Methods for Multi-Factor Authentication (MFA)
This article explains how to configure your auth options before (recommended) or after MFA was enabled on your account.
How to enable BitLocker drive encryption on your Windows 10 computer?
To provide additional security for sensitive data stored on your University-owned Windows 10 laptop, I.T. Services can assist you with enabling Bitlocker drive encryption.
Installing GlobalProtect VPN client on a Windows computer
Virtual Private Network (VPN) technology provides secure remote access and secure data transmission between devices that are not connected to the University wired or wireless campus networks and University systems. The the Palo Alto GlobalProtect software that you can install on your computer makes it seem as if it is on the campus network by setting up a tunnel which encrypts all traffic between your computer and the University firewall. This article is intended for Windows users.
Options for Second Factor of Authentication
The new MFA system requires that all faculty, staff and students create at least one second factor for authentication. The first factor is your password. This document outlines the various options for the second factor, and explains the pro's and con's of each one.
Reinstalling Microsoft Authenticator app on your new phone
If you have access to a computer, you may be able to update your MFA configuration to include your new phone following steps outlined in this article. If you can't, you have to submit a request by opening a ticket to have your MFA reset.
Retirement of Basic Authentication in Microsoft 365 E-mail
Microsoft recently announced that on October 1, 2022, basic authentication will be permanently disabled in Microsoft 365 for all organizations.
Setting Up Multi-Factor Authentication (MFA)
This article explains how to configure your authentication options after MFA was enabled on your account.