University of Wisconsin-Milwaukee

Enrollment for all UWM Faculty and Staff is required as part of Information Security Administrative Procedure 1030.A.

Yes. Currently, enrolled students at UWM must authenticate using Microsoft MFA when logging into UWM apps.

After stealing your password, scammers will bombard you with frequent authentication requests hoping you will approve one. Some common ways they do this include: 

• Lots of MFA requests coming one after another 
• A few MFA requests each day for an extended period 
• A person calls/texts you posing as a figure from a reputable institution that requests your MFA authentication as part of a company process 

For more information about MFA Fatigue attacks and how number matching improves security, please review this article from the Cybersecurity & Infrastructure Security Agency (CISA). If you think you are experiencing MFA Fatigue, change your password immediately, and contact the UWM Help Desk. 

No. You must authenticate with Microsoft MFA in order to access Microsoft Teams; therefore, you MUST NOT use a Teams phone number as a verification method. When choosing security verification methods, phone number refers to any mobile or landline – you cannot submit a Teams phone as a verification method.

When configuring MFA, you may use the “Text” and “Call” options.

No. You will only need to download the application on one single device to be able to authenticate using the Microsoft Authenticator app.

The Microsoft Authenticator App is the recommended authentication method. To successfully install the app, you must be connected to the internet. However, after setting the application up, there is an authentication option that does not require data or WiFi use. A “Code Entry” can be utilized for this purpose or if you ever have connectivity concerns. For more info on this please review our instructions.

The contents of strictly personal communications (texts, emails, voice messages) or data are not subject to the Wisconsin Public Records Law simply by using the app to verify your identity. Strictly personal means that it is not related to university business. If you were using your personal device to conduct university business (such as responding to emails, texting a colleague about a work-related issue or leaving or receiving voice messages on work-related subjects, or accessing UWM digital assets) those communications which relate to the university business could be subject to the Wisconsin Public Records Law or could be the subject of a university-related subpoena. The contents of your personal communications that do NOT involve university business would not be subject to the Wisconsin Public Records law or to a university-related subpoena for university business records.

Location mapping is dependent on the IP that Microsoft identifies during authentication. This could be impacted by multiple factors including data center and/or cell tower location, and VPN use. The location mapping should be accurate, however, there may be some rare instances where the location could be off. 

• Cell Tower Example: If you are located in Minneapolis, MN, but your nearest cell tower is located in St. Paul, MN, the location listed on the MFA authentication prompt may read St. Paul. 
• Data Center Example: If you are located in Milwaukee, WI, but your Data Center is located in San Antonio, TX, the location listed on the MFA authentication prompt may read San Antonio. 
• VPN Example: If you are located in Milwaukee, WI, but you have your VPN service enabled and set to London, England, your location listed on the MFA authentication prompt may read London, England. 

For more information about location mapping, visit our KnowledgeBase article.

For Microsoft “Authenticator” MFA, all UWM faculty and staff members will be encouraged to use:

• a cell phone or tablet that is configured to use the “Authenticator” app (Recommended)
• a cell phone that can receive text messages (SMS)
• a non-Teams phone that can receive voice calls. Voice calls can be received by landline or cell phone.

Because Teams is Microsoft authentication-dependent, you *MUST NOT* submit your Teams phone number for either Microsoft MFA or your Microsoft Self-Service Password Reset (SSPR).

Limited quantities of hardware tokens (Fobs) will be available in the UWM TechStore. See the Enroll in Microsoft MFA section on the Faculty and Staff MFA page for information about Microsoft MFA compatible hardware tokens.

For a range of compelling reasons, UWM faculty and staff members are discouraged from requesting hardware fobs/tokens, including: the possibility of loss/theft; environmental impact considerations; cost containment; and consistency with higher education “best practices.”

Even so, provision of fobs/tokens will be done under the following circumstances:

1. To accommodate accessibility of a user
2. When a user lacks both a cell phone and a non-Teams landline
3. To support a user who works in a location without connectivity
4. When a user lacks a text plan on their cell phone
5. When a user’s cell phone plan assesses charges for individual text messages and/or call minutes

No, they are incompatible with Microsoft MFA. Old Duo hardware tokens can be dropped off at the UWM TechStore for safe, e-waste disposal.

The UWM Tech Store will collect them and dispose of them as e-waste. Visit them in the UWM Panther Shop to drop your old Fob off.

Visit our KB articles for step-by-step instructions on how to add your fob as your authentication method:

• Microsoft MFA (How To) Enroll a Hardware Token from a Sign-in Prompt
• Microsoft MFA (How To) Adding a Hardware Token as an Authentication Method

When using the Microsoft Authenticator mobile app, UWM will not be able to see the personal information on your device. The only data collected is related to the use of the app (operating system, application version, IP address of authentication attempt, etc.). Please feel free to review Microsoft’s data and privacy information in more detail here: https://www.microsoft.com/en-us/trust-center/privacy

If you enroll a smartphone or tablet with the Microsoft Authenticator App and have a cellular connection or a WiFi connection, you can authenticate as you normally would. If you are able to access these services with a cellular or WiFi connection, you will be able to authenticate.

Yes! You may use the phone number connected to the device as an authentication method. However; you cannot use your Teams phone number as an authentication method.

Yes, students currently enrolled at UWM will be required to enroll in multi-factor authentication to deliver an additional level of protection for their accounts. MFA is an essential element of cybersecurity and it will aid in protecting their online information as well as UWM’s.

Multi-Factor Authentication adds an additional layer of security to your login process to prevent your credentials from being compromised. If someone gains access to your account, not only do they have access to your personal information like credit card numbers, social security numbers, and home addresses, but they also gain access to our UWM internal ecosystem.

When an applicant at UWM enrolls for courses, they are required to enroll in MFA the next time they log into a UWM online service. Upon logging in, you will be prompted to confirm and add additional factors.

If you feel you do not have the technology to successfully enroll, please call the UWM Help Desk at 414-229-4040 or visit uwm.edu/helpdesk.

All UWM online services require MFA. This includes (but not limited to): Microsoft 365, Canvas and PAWS.

After stealing your password, scammers will bombard you with frequent authentication requests hoping you will approve one. Some common ways they do this include: 

• Lots of MFA requests coming one after another 
• A few MFA requests each day for an extended period 
• A person calls/texts you posing as a figure from a reputable institution that requests your MFA authentication as part of a company process 

For more information about MFA Fatigue attacks and how number matching improves security, please review this article from the Cybersecurity & Infrastructure Security Agency (CISA). If you think you are experiencing MFA Fatigue, change your password immediately, and contact the UWM Help Desk. 

You will need your UWM email address that looks like your ePantherID@uwm.edu, your password and your method for MFA authentication.

No, you will be given a “remember me” option on a per browser, per device basis. This means that if you access your email from your laptop and your phone, you will be required to authenticate on each device, but it will offer a “remember me” option that will save your authentication on that device.

For session durations, see our KnowledgeBase article.

Location mapping is dependent on the IP that Microsoft identifies during authentication. This could be impacted by multiple factors including data center and/or cell tower location, and VPN use. The location mapping should be accurate, however, there may be some rare instances where the location could be off. 

• Cell Tower Example: If you are located in Minneapolis, MN, but your nearest cell tower is located in St. Paul, MN, the location listed on the MFA authentication prompt may read St. Paul. 
• Data Center Example: If you are located in Milwaukee, WI, but your Data Center is located in San Antonio, TX, the location listed on the MFA authentication prompt may read San Antonio. 
• VPN Example: If you are located in Milwaukee, WI, but you have your VPN service enabled and set to London, England, your location listed on the MFA authentication prompt may read London, England.  

For more information about location mapping, visit our KnowledgeBase article.

No, any telephone or smart device will work. Smart devices are recommended as they provide the quickest, simplest experience through the approval of notification prompts. Additionally, SMS or text messages can be sent to your phone along with receiving a phone call for verification to the phone number on record.

Yes, we encourage you to enroll more than one method in case your main device is lost or unavailable.

Any student that feels they don’t have the technology to successfully enroll or has concerns about how the process will work for them should contact the UWM Help Desk. An IT professional will work directly with each student to find a solution that works best for them. Our IT staff can go through the authentication methods (mobile, app, text, and calling) with them, and ensure their phone is set up successfully or can determine an alternate path for MFA, if needed.

A wide array of MFA authentication methods are offered for our students: dedicated smartphone and tablet app, text message to cellphone, and phone calls to cellphone or landline.

Any student with questions or concerns about the MFA enrollment process or required MFA technology should contact the UWM Help Desk. An IT professional will work directly with the student to identify the best solution. Our IT staff can review the authentication methods, ensure successful phone configuration, and explore special accommodation, if appropriate. Fobs (tokens) can be provided to students to address special circumstances such as accessibility needs and appropriate technology resources.