Instructions for setting up MFA on UWin Account.
Multi-Factor Authentication (MFA) combines two or more independent credentials - what you know (your password) with something you have (mobile phone) in order to create a second layer of security for your UWin Account. Even if someone knows your password, they will be prevented from accessing your account when it is protected by MFA.
When you sign in to your new account for the first time, you will be guided through a short setup process to configure multi-factor authentication (MFA). You must complete this step before gaining full access to your account. The setup process is designed to be simple and only takes a few minutes, helping ensure your account is protected from unauthorized access from the very beginning.
You can reset your MFA settings yourself following the instructions in this article as long as you have configured your UWin Account security questions. If you have not configured your security questions or forgot your answers, you will need to submit a ticket or contact the IT Service Desk to reset your MFA settings.
The different authentication options available in the My Profile under “My Security Info” page exist to let users prove their identity using multiple methods, which strengthens account security and provides flexibility during sign‑in or account recovery. Instead of relying only on a password—which can be stolen or guessed—these options (such as the Microsoft Authenticator app or passkeys) add extra verification factors so that access requires something you know, have, or are.
Passkeys are the most secure method of authentication. There are two different types of passkeys: a synced passkey (automatically syncs across your devices) and a device‑bound passkey (tied to a single device). This article focuses on synced passkeys.
Microsoft Authenticator is a free mobile app from Microsoft for iPhone, iPad, and Android devices that helps protect your UWin Account (Microsoft work/school account). Passwords alone are no longer enough to keep accounts secure. Microsoft Authenticator adds an extra layer of protection that helps prevent unauthorized access, even if someone else knows your password.
A device‑bound passkey stored locally in Microsoft Authenticator app on your mobile device is tied to a single device or authenticator instance and does not sync, meaning it must be re‑registered on each new device. It uses biometrics or a PIN to prove your identity and is resistant to phishing while providing tighter control than synced passkey by keeping the credential confined to one device.
Microsoft is now supporting phone sign-in which is a type of two-step authentication that does not require the user to enter their password.
If you have access to a computer, you may be able to update your MFA configuration to include your new phone following steps outlined in this article. If you can't, you have to submit a request by opening a ticket to have your MFA reset.
Some users reported that when accessing Security Info section on myprofile.microsoft.com to configure or update MFA authentication methods, an error message is displayed that says "An unexpected error has occurred."
Not every mail app on mobile devices supports Multi Factor Authentication (MFA). This article outlines which Android, iOS, and BlackBerry mail and calendar apps work with Microsoft Office 365 and MFA.