Multi-Factor Authentication (MFA) Migration to Microsoft
During Spring 2026, EIU is transitioning from Duo to Microsoft MFA. Duo will remain
available only during the migration period.
Microsoft’s MFA is included in EIU’s existing license, which reduces costs and helps
us continue providing strong security without increasing student fees.
The setup takes about 15 minutes. We encourage everyone to migrate early at a time
that works best for you.
Migration Timeline
Employees
February 2 through February 27
Students
March 15 through April 15
Annuitants
May 15 through June 15
Setting up Microsoft Authenticator Manually on a Computer
Click on the Choose a Method drop-down menu and select Authenticator app.
Click Add.
You will be prompted to download/install the Microsoft Authenticator app on your mobile
device. Click the blue, hyperlinked words: Download Now.
Note:If you have Microsoft Authenticator already installed, you can skip this step and
the next step
A new window will appear with two separate QR codes (one for Apple/iOS devices and
one for Androids). Scan the QR code that matches your device.
Note: If you are unable to scan the QR code, click the corresponding “Get the app” button
beneath the QR code that matches your device.
Once installed, open the Microsoft Authenticator app on your mobile device.
In the top right corner of the screen, tap the “+” icon to add a new account.
Select the Work or School Account option.
Select the Scan a QR Code option.
Note: You may need to choose “Allow” to grant Microsoft Authenticator access to use your
camera (in order to scan the QR code).
In your browser, click Next to begin your account setup.
A QR code that is specific to your EIU account will appear on screen. Using the Microsoft
Authenticator app, scan the QR code.
A notification will briefly appear on your phone that says, “Account added successfully.”Once you have received this notification, the words Eastern Illinois University and your EIU email address will be listed in the Microsoft Authenticator app. YOU MUST PRESS THE DONE TO COMPLETE THE SET UP
Setting up Microsoft Authenticator Manually on a Mobile Phone without access to a
Computer
Go to the app store or play store on your mobile device and download Microsoft Authenticator:
If this is the first time you're using the app, you'll select the "Add work or School Account" option.
If you've previously used Microsoft Authenticator, you'll select the plus arrow in the top right, and then Work or School Account.
Step 3: Sign In With your EIU Credentials
Enter your EIU email
Click Next
Step 4: Finish Setting up on a Web Browser
Click the Open Browser button to open your default browser.
If you aren't logged into your Microsoft Account, it will ask you do so again in this
step.
Step 5 (Skip this Step if the Browser goes straight to Step 6): Select Add Sign in
Method:
Sometimes the browser will not go straight to the next step, so you need to click
Add Sign in Method:
Then select Microsoft Authenticator as the option:
Step 6: "Lets Keep your Account Secure"
Click Next on this screen:
Step 7: "Start by Getting the App":
Click Next on this screen:
Step 8: "Set up your account in the app":
Click the Pair your account to the app by clicking this link.
Step 9: Allow Notifications
If Microsoft Authenticator prompts to allow Notifications, click Allow. This is necessary
for it to work.
Step 10: Microsoft Authenticator Displays Your Account:
If this step worked, Microsoft Authenticator will display your EIU email within the
home screen:
Step 11: Return to The Browser
Return to the Browser App that opened in step 4.
Select Next.
Step 11: Let's Try it Out
Microsoft Authenticator will display a number on the Browser, and will notify your
phone as shown below.
Open Microsoft Authenticator through the notification. If you miss it, you can manually
return to the app and it will display the prompt shown below:
Select Yes
Step 12: Return Back To Browser (If not done, the pairing will not work)
Return back to the browser from the previous steps. If Successfully done, the prompt
will now display Notification Approved.
Click Next.
Step 13: Complete
The Prompt will display below if fully complete. Without this screen, the authentication
might not have been setup correctly.
New Phone & Managing Devices
To add a new device for Microsoft Multi-Factor Authentication (MFA), go to `https://mysignins.microsoft.com/security-info`, sign in with your EIU credentials, select + Add sign-in method, choose Authenticator app, and follow the on-screen instructions to scan the QR code displayed on your computer
with the Microsoft Authenticator app on your mobile device.
Here are the detailed steps:
Navigate to Security Info: Open a web browser on your computer and go to `https://mysignins.microsoft.com/security-info`, which is your personal security information page for your Microsoft account.
Sign in: Sign in to your Microsoft account using your EIU credentials.
Add a New Method: On the Security Info page, click the + Add sign-in method button.
Choose Authenticator App: Select Authenticator app from the dropdown menu.
Get the QR Code: Click Add and then Next. A QR code will appear on your computer screen.
Download the App: On your new mobile device, download and install the Microsoft Authenticator app from your device's app store (Google Play Store for Android or Apple App Store for
iOS).
Add Your Account in the App: Open the Authenticator app on your new device, tap the plus (+) icon, select Work or school account, and then tap Scan QR code.
Scan and Approve: Scan the QR code displayed on your computer with your mobile device. You may be prompted
to approve the notification on your phone.
Complete Setup: On your computer, select Next to complete the setup.
Move Your Existing Yubikey or Activate a New Yubikey
Please call the Help Desk and ask to be placed into the YubiKey Groups so you will
be prompted correctly as a Yubikey user.
When logging into EIU Applications, the Pin is something you will need to enter each
time then press the gold button on the Yubikey
Go to Microsoft security settings in Microsoft Edge, if Edge does not work on the
first attempt, try Chrome. We have found that it may take two or three attempts.
👉 https://mysignins.microsoft.com/security-info
Sign in with your EIU Microsoft account (it may sign you in if you are signed into another
EIU Application in that browser already (such as Paws, Panthermail)
Enter the Temp Access Pass provided to you from the Help Desk (you will need to call the Help Desk for this,
217-581-4357) You may not be prompted for this at all, if you are not, then continue
on with the instructions.
Click “Add sign-in method”
From the dropdown, choose: Security key
Select the key type:
USB device (most YubiKeys)
Insert your YubiKey when prompted,
Touch the YubiKey (gold circle or contact) when it flashes
Create a PIN for the YubiKey
This is required by Microsoft; It’s separate from your account password
Name the key Example: “YubiKey – Blue USB” or “Primary YubiKey”
Click Done
That’s it — the key is now linked to your Microsoft account 🔐
How you’ll use it to sign in
Log into an EIU Application (Paws, D2L, Panthermail)
When prompted, insert the YubiKey
Enter the YubiKey PIN
Touch the key
Frequently Asked Questions
Why is EIU moving from Duo to Microsoft for MFA?
Microsoft now provides a full MFA solution as part of EIU’s current licensing. Moving
to Microsoft reduces costs. Duo is partially funded through student fees, so this
change helps us maintain IT services without increasing those fees.
Will this migration be disruptive to my work or classes?
No. You have a four week window to migrate so you can complete the process at a convenient
time.
What happens if I don’t migrate by my deadline?
If you do not migrate by your assigned date, your account will be automatically moved
the following week. You will be required to set up Microsoft MFA before accessing
EIU systems. This may interrupt your work or classes, so we strongly recommend completing
the migration early.
Can I still use Duo after I set up Microsoft MFA?
Yes. Both options will work until February 27. Once you migrate to Microsoft MFA
all future MFA requests will utilize Microsoft MFA.
How is Microsoft MFA different from Duo?
Microsoft MFA uses a different mobile app, but approving a sign-in works almost the
same way. You will receive a prompt on your device and confirm your login.
If I use a YubiKey, do I need to migrate now?
No. Continue using Duo with your YubiKey for now. Additional instructions will be
shared soon.
How does MFA protect my account?
MFA adds an extra layer of security beyond your NetID and password. Even if someone
steals your password, they cannot log in without your approval on your registered
device. This helps protect your email, files, and personal information.
What if I forget my phone or device?
Call the EIU Help Desk at 217-581-4357. They can provide a temporary bypass after
verifying your identity so you can access your account.
Does the Microsoft MFA app track me?
No. The app only knows general information like your city location and device type.
It does not track your activity or exact location.
Why am I seeing security warnings in the app?
The app may alert you if your device has potential security risks, such as no screen
lock. Addressing these warnings helps keep your account secure. If you have questions,
contact the Help Desk for guidance.
What if I don’t have a smartphone?
You have options. You can use:
A tablet
A YubiKey (USB security key)
YubiKeys are available from major retailers and the EIU Bookstore. If you cannot purchase
one, email info-sec@eiu.edu for assistance.
.png)
