Multi-Factor Authentication (MFA) combines two or more independent credentials, or "factors", pairing something you know (i.e. your password) with something you have (e.g. your mobile phone), in order to create a second layer of security for your UWin Account. Even if someone has your password, they will be prevented from accessing your account when it is protected by MFA, unless they also have access to your secondary authentication method.
Currently, MFA is enabled on all faculty, staff, and student accounts, and is being used with the following apps and services:
- Office 365 and associated apps: Office 365 Portal, Microsoft Office, Outlook, OneDrive, and Teams
- Brightspace (LMS)
- UWinsite Student
- UWinsite Finance
- myUWinfo VIP Portal (Human Resources)
NOTE: the secondary authentication is required only when accessing MFA-protected services and apps from a non-trusted location. It is not required when accessing MFA-protected services and apps:
- on any computer in a trusted location (i.e. connected to campus wired or wireless networks)
- on a computer connected to an off-campus network but using a VPN connection
To report any MFA-related issues, please submit your request for assistance by opening a ticket (select "Report MFA issue" in the Request Type field on the form).
Authentication Methods
You need to set up your authentication methods.
University of Windsor MFA users can pick any of the following secondary authentication methods as their second authentication "factor". We recommend enabling more than one in your profile so that, in the event you are unable to proceed with your default secondary authentication method (as configured in your Microsoft work account profile), you can click the "Sign in another way" link and select a different method.
- Text message to your mobile phone containing the verification code
You will be prompted to enter this code (i.e. second credential) when accessing MFA-protected services and apps on non-trusted computers, right after entering your password.
- Microsoft Authenticator mobile app
A push notification is sent to the Microsoft Authenticator app installed on your mobile device when accessing MFA-protected services and apps on non-trusted computers. You will view the notification and select Approve to complete verification. If your phone is not connected to Wi-Fi or does not use mobile data, you will be prompted to enter a verification code (i.e. second credential) when accessing MFA-protected services and apps on non-trusted computers, right after entering your password. The Microsoft Authenticator app is available for iOS and Android platforms and can be downloaded from the Apple and Google app stores.
- FIDO2 Key
FIDO2 security keys are an unphishable, standards-based passwordless authentication method. They can come in any form factor, but are usually a USB, USB-C or NFC "key". Fast Identity Online (FIDO) is an open standard for passwordless authentication. You will need to insert (in the case of USB) or tap (NFC) the key when prompted to authenticate. FIDO2 keys can be purchased through the University at Security Key | Information Technology Services (uwindsor.ca). Alternatively, for a list of vendors with known-compatible FIDO2 keys, see: Azure Active Directory passwordless sign-in - Microsoft Entra | Microsoft Learn.
- Call to phone number provided
An automated voice call is placed to the number that you listed in your profile when accessing MFA-protected services and apps on non-trusted computers. You will answer the call and press # on the phone keypad to approve the authentication.
Discontinued as of July 2023
For more details, please see Options for Second Factor of Authentication.
Signing in with MFA
Once you have configured your authentication methods and MFA has been enabled on your UWin Account, the next time you log in to any MFA-protected resource, you will be prompted for your login, password, and your MFA code or verification through the authenticator app. You will have the option not to be asked again on that device for 30 days. Do not check that box if you are using a public computer (e.g. a library or computer lab workstation).
If you did not configure your authentication methods as part of extending or activating your UWin Account, you will need to go through MFA setup on your first access of an MFA-protected resource.
If you are unable to proceed with your default secondary authentication method (as configured in your Microsoft work account profile), you can click the "Sign in another way" link and select a different method.
Note for Office 365 Android Users: Currently there are no supported mail apps for Android that support MFA. IT Services recommends installing the Outlook app from the Google Play store, which will give you improved functionality over the built-in mail/calendar app as well as the ability to use MFA.
Note for Office 365 iPhone Users: If you are using the built-in mail/calendar app on iOS 11 or above, it does support MFA, but you must remove and re-add the account in order for it to function. Please see the instructions here on how to remove and re-add your account: https://uwindsor.teamdynamix.com/TDClient/1975/Portal/KB/Edit?ID=9459 However, for the best supported experience, IT Services recommends the Outlook app.