Multifactor Authentication (MFA) with Microsoft Authenticator

IMPORTANT: Current students, faculty, and staff should use Duo for multi-factor authentication with Pitt Passport sign-ins. For more information and instructions on how to set up Duo, please visit Setting Up Multifactor Authentication with Duo.

Multi-factor authentication, or MFA, adds another layer of security to your user accounts by requiring two or more methods, or “factors”, to verify your identity: something you know (such as your password), something you have (such as your smart phone), or something you are (biometrics). 

Some applications and types of user accounts are protected by Microsoft Authenticator for MFA to access services provided by the University of Pittsburgh. In addition, beginning October 15, 2024, Microsoft requires Microsoft Authenticator for access to the Azure administration portal, the Microsoft Entra ID admin center, and the Microsoft Intune admin center. Beginning early 2025, Microsoft also requires Microsoft Authenticator for access to the Azure CLI, Azure PowerShell, the Azure mobile app, and some Infrastructure as Code (IaC) tools.

Please see the following announcement from Microsoft for more information: Announcing mandatory multi-factor authentication for Azure sign-in

Contents

Initial Setup

  1. If the Microsoft Authenticator app is required and you have not yet set it up for your Pitt Passport account, when signing in to a University service protected by Microsoft MFA you will be prompted with a “More information required” message similar to the screen shot below. Click the Next button to begin the set-up process.

Uploaded Image (Thumbnail)

  1. Alternatively, browse to https://mysignins.microsoft.com/security-info and log in with your Pitt Passport user name and password. Click the Add sign-in method button and then select Authenticator app from the drop-down menu to continue.
  2. Before continuing, download and install the Microsoft Authenticator app on your iOS or Android smart phone. Once installed, click Next to continue. 

Uploaded Image (Thumbnail)Uploaded Image (Thumbnail)

  1. Open the Microsoft Authenticator app on your smart phone. IMPORTANT: If prompted, allow notifications.  
  2. Follow the on-screen prompts to add an account, and select “Work or school account” and then “Scan QR code.

Uploaded Image (Thumbnail)

  1. Return to the setup wizard and click the Next button.

Uploaded Image (Thumbnail)

  1. Use your smart phone’s camera to scan the displayed QR code and connect your account with the Microsoft Authenticator app.

Uploaded Image (Thumbnail)

  1. You should now see University of Pittsburgh listed in the Microsoft Authenticator app with your email address.

Uploaded Image (Thumbnail)

  1. Click the Next button in the setup wizard to continue.
  2. The wizard will now test to make sure your account is configured correctly. Not the number that’s displayed in the bottom of the window.

Uploaded Image (Thumbnail)

  1. Open the Microsoft Authenticator app and you should see a prompt asking “Are you trying to sign in?”. Confirm that this prompt includes University of Pittsburgh and your Pitt Passport email address, enter the number provided by the setup wizard into the text box, and press Yes.

Uploaded Image (Thumbnail)

  1. If successful, the setup wizard will confirm that the notification was approved. Click the Next button.

Uploaded Image (Thumbnail)

  1. Click the Done button to complete the enrollment process.

Uploaded Image (Thumbnail)

 

Congratulations! Your account is now protected with Microsoft Authenticator for MFA!

The next time you sign in to a University service that requires Microsoft Authenticator for MFA, such as the Azure administration portal, you may be prompted on your smart device to approve the sign in request from the Microsoft Authenticator app. Open the app and enter the number shown to complete the sign in process.

Adding a phone number for account recovery

If your device running the Microsoft Authenticator app is lost, stolen, replaced, or you are otherwise unable to access the Microsoft Authenticator application, it is important to link a phone number to your account so that you can continue to sign in and update your security information.

  1. Open a web browser and navigate to https://outlook.office.com/mail/.
  2. Sign in with your Pitt Passport account.
  3. In the upper right corner of the window, click on your name and then the “View account” link.

Uploaded Image (Thumbnail)

  1. Click Security info on the left navigation bar.

Uploaded Image (Thumbnail)

  1. Click Add sign-in method.

Uploaded Image (Thumbnail)

  1. Select Phone from the drop down menu and then click the Add button.

Uploaded Image (Thumbnail)

  1. Select your country code, enter the phone number you wish to use in the space provided, and then select the method you wish to use to verify that the number entered is yours:
  • Receive a code – You will receive an SMS text message at the number provided with a one time access code.

  • Call me – You will receive a phone call with instructions on how to complete the verification process.

    Uploaded Image (Thumbnail)
  1. Click the Next button to begin the verification process. If Receive a code was selected, enter the 6 digit code that was sent to you via SMS text message into the prompt. If Call me was selected, answer the phone call and follow the voice prompts to complete the process.

Uploaded Image (Thumbnail)Uploaded Image (Thumbnail)

 

Approving Sign in Requests

Once your account has been set up for MFA with Microsoft Authenticator, you may be required to approve sign in requests after using your user name and password to sign in to Pitt Passport.

There are several options available for approving sign in requests with Microsoft Authenticator, including:

  1. Push Notification
  2. One-Time Password
  3. SMS Text Message
  4. Voice Call

 

Push Notification

  1. Upon being prompted to “Approve sign in request”, a number will be displayed and a notification sent to the Microsoft Authenticator app on your smart phone.

Uploaded Image (Thumbnail)Uploaded Image (Thumbnail)

  1. Open the Microsoft Authenticator app and you will be asked to confirm that you are trying to sign in with your University of Pittsburgh account.

Uploaded Image (Thumbnail)

  1. Enter the number that was provided and press Yes to complete the sign in process

 

One-Time Passcode

If you do not receive the push notification or are not automatically prompted within the Microsoft Authenticator app, you can use a temporary, one-time passcode to confirm your identity and complete the sign in process.

  1. When prompted to approve your sign in request, click the link for “I can’t use my Microsoft Authenticator app right now”.​​​​​​​

Uploaded Image (Thumbnail)

  1. You will be presented with a list of alternative methods to approve the request. Click on “Use a verification code”.​​​​​​​

Uploaded Image (Thumbnail)

  1. You will be prompted to enter a code to continue.​​​​​​​

Uploaded Image (Thumbnail)

  1. Open the Microsoft Authenticator app on your smart phone and open the entry for University of Pittsburgh and your Pitt Passport email address. 

Uploaded Image (Thumbnail)

  1. Enter the six-digit number shown under “One-time password code" into the “Enter code” prompt and click the Verify button to complete the sign in process. IMPORTANT: Note the small timer to the left of the code in the Microsoft Authenticator app. When this timer reaches 0, the displayed code will no longer be valid a new code will be provided.​​​​​​​

Uploaded Image (Thumbnail)

 

SMS Text Message

If you have registered a phone number with your account and the Microsoft Authenticator app is not available to you, you can elect to receive an SMS text message to verify your identity and approve the sign in request.

  1. When prompted to approve your sign in request, click the link for “I can’t use my Microsoft Authenticator app right now”.​​​​​​​

Uploaded Image (Thumbnail)

  1. You will be presented with a list of alternative methods to approve the request. Click on “Text +X XXXXXXXXXX”.​​​​​​​

Uploaded Image (Thumbnail)

  1. Enter the code sent via SMS text message and click the Verify button to approve the request.​​​​​​​

Uploaded Image (Thumbnail)

 

Phone Call

If you have registered a phone number with your account and the Microsoft Authenticator app is not available to you, you can elect to receive a phone call to verify your identity and approve the sign in request.

  1. When prompted to approve your sign in request, click the link for “I can’t use my Microsoft Authenticator app right now”.​​​​​​​

Uploaded Image (Thumbnail)

  1. You will be presented with a list of alternative methods to approve the request. Click on “Call +X XXXXXXXXXX”.​​​​​​​

Uploaded Image (Thumbnail)

  1. Answer the phone call from +1 (855) 330-8653 and follow the voice instructions to approve the request.​​​​​​​

Uploaded Image (Thumbnail)

 

Reporting Fraud

IMPORTANT: If you are prompted to approve a sign in request and are not certain of the reason, it's important to deny the request and report it as fraudulent to protect your account from unauthorised activity.

  1. If you are prompted by Microsoft Authenticator to approve a sign in request that you do not recognize, press the No, it's not me button.​​​​​​​

Uploaded Image (Thumbnail)

  1. You will then be asked if you want to Report suspicious activity. Press Report to deny the sign in request and report the sign in attempt as fraudulent to Pitt IT. A member of the Pitt IT Security team may contact you for additional information.​​​​​​​

Uploaded Image (Thumbnail)

 

If you receive ANY unexpected SMS text messages providing verification codes or voice calls asking to confirm sign in activity for your Pitt Passport account, DO NOT APPROVE these requests and immediately contact the Pitt IT Help Desk to report the fraudulent activity.

 

Adding Additional Devices

  1. Open a web browser and navigate to https://outlook.office.com/mail/.
  2. Sign in with your Pitt Passport account.
  3. In the upper right corner of the window, click on your name and then the “View account” link.​​​​​​​

Uploaded Image (Thumbnail)

  1. Click Security info on the left navigation bar.​​​​​​​

Uploaded Image (Thumbnail)

  1. Click Add sign-in method.​​​​​​​

Uploaded Image (Thumbnail)

  1. Select Authenticator app from the drop down menu in the prompt that appears and then click the Add button.​​​​​​​

Uploaded Image (Thumbnail)

  1. Download the Microsoft Authenticator app on the new device and follow the on screen instructions to complete the set up process.​​​​​​​

Uploaded Image (Thumbnail)

 

Removing a device

If a device set up to approve your sign in requests, either with the Microsoft Authenticator app, SMS message, or phone call, is lost, stolen, replaced, or otherwise no longer available to you, it is important to timely update your account information and remove that device to maintain the security and integrity of your Pitt Passport account.​​​​​​​

  1. Open a web browser and navigate to https://outlook.office.com/mail/.
  2. Sign in with your Pitt Passport account.
  3. In the upper right corner of the window, click on your name and then the “View account” link.​​​​​​​

Uploaded Image (Thumbnail)

  1. Click Security info on the left navigation bar.​​​​​​​

Uploaded Image (Thumbnail)

  1. Locate the device you wish to remove in the list of sign-in methods and click the Delete link to remove it from your account.​​​​​​​

Uploaded Image (Thumbnail)

  1. Click the link to Sign out everywhere to ensure the removed device can no longer be used with your account and your data is protected.​​​​​​​

Uploaded Image (Thumbnail)

 

Troubleshooting

Please contact the Pitt IT Help Desk for any questions, issues, or concerns related to using the Microsoft Authenticator app with your Pitt Passport account.​​​​​​​

Print Article

Details

Article ID: 1977
Created
Thu 8/1/24 3:44 PM
Modified
Thu 10/3/24 1:00 PM

Related Articles (1)

Get started with multifactor authentication, provided by Duo Security.

Related Services / Offerings (1)

IDENTITY AND ACCESS MANAGEMENT Duo provides multifactor authentication to add another layer of security to your online accounts.