MICROSOFT MULTI-FACTOR AUTHENTICATION

Multi-Factor Authentication (MFA) Migration to Microsoft

During Spring 2026, EIU is transitioning from Duo to Microsoft MFA. Duo will remain available only during the migration period.

Microsoft’s MFA is included in EIU’s existing license, which reduces costs and helps us continue providing strong security without increasing student fees.

The setup takes about 15 minutes. We encourage everyone to migrate early at a time that works best for you.

Migration Timeline

Employees

February 2 through February 27

Students

March 15 through April 15

Annuitants

May 15 through June 15

Enrolling with a Prompt from Microsoft - Using a Computer

When you sign into any Microsoft 365 web based application, you will be prompted for More information required to begin the Microsoft Authenticator enrollment. Click Next.

Microsoft Authenticator Prompt

Download the Microsoft Authenticator App if you have not done this yet

Visit the Apple app store or Google play store on your mobile device and install the Microsoft Authenticator app. Alternatively, visit aka.ms/authapp to find QR Codes that will send you to the store for your Apple or Android mobile device.

You may also search in the Google Play store or Apple App store for "Microsoft Authenticator" to manually download.*(If manually downloading, please be aware of of the app that you are downloading. It should be fully named "Microsoft Authenticator")

Computer: Set up your account on the Authenticator App. Click on Next.

Computer: A QR Code will appear in the next step. You will come back to this and scan with your mobile device.

Scan Qr Code

Mobile Device: Open the Microsoft Authenticator app on your mobile device and select Add work or school account.

- iPhone users press the plus sign button in the upper right to add an account, then select work or school account.

Mobile Device: Choose Scan a QR code.

Computer: Back on your computer, scan the QR code with the Microsoft Authenticator app on your mobile device to enable your account. Once the scan is successful, click Next. (Make sure you continue to the step below "Lets Try It Out")

Can't Scan?

If you are unable to Scan the QR code, select the Can't Scan image? option which will provide you with a code to copy and a URL to visit to activate.

If you can't scan because it says that your account has already been activated and there is a UW-Stout account on your mobile app, please click Next to continue as normal.

Please contact the helpdesk at 217-581-4357 if errors still occur.

Can't Scan

Let's try it out! Microsoft Authenticator will prompt you on your computer screen with a number to enter in your mobile app. Your mobile app will detect that a sign in is being requested.

Enter the number shown in your Microsoft Authenticator App on your mobile device and then click Yes on your mobile device to approve.

Success! Your MS Authenticator account has been set up.

Success!

Enrolling with a Prompt from Microsoft - Using a Mobile Device

Please Note: Screen shots are for an iPhone but the process is similar on an Android device.

When you sign into any Microsoft 365 web based application, you will be prompted for More information required to begin the Microsoft Authenticator enrollment. Click Next.

Microsoft Authenticator Prompt

Start by getting the App. (If you already have the Microsoft Authenticator app, click on Next.)

1. Click on Download now to install the Microsoft Authenticator app.
2. After the App is installed, return to the set up screen. Click on Next

Set up your account in the App

Click on Pair your account to the app by clicking this link. This will take you back to the Authenticator app.

Pair your account option

On the "Open in Authenticator" pop up, click on Open.

Click on the University of Eastern Illinois University account. This will pair your account.
Return to the set up page to complete the setup. Note the number shown on the screen.
Go to the Microsoft Authenticator App and enter the number on the set up screen. Click on Yes.
Microsoft will approve your notification. Click on Next.
If your account is successfully registered, you will see a Success message.

Success Message

Setting up Microsoft Authenticator Manually on a Computer

Setup

In your browser, go to the Microsoft Security Info webpage. (If prompted, sign in with your EIU credentials).

Click on Add Sign-in Method.

Click on the Choose a Method drop-down menu and select Authenticator app.

add a method

Click Add.

add a method 2

You will be prompted to download/install the Microsoft Authenticator app on your mobile device. Click the blue, hyperlinked words: Download Now.

Note:If you have Microsoft Authenticator already installed, you can skip this step and the next step

keep account secure

A new window will appear with two separate QR codes (one for Apple/iOS devices and one for Androids). Scan the QR code that matches your device.

get app on phone

Note: If you are unable to scan the QR code, click the corresponding “Get the app” button beneath the QR code that matches your device.

Once installed, open the Microsoft Authenticator app on your mobile device.

In the top right corner of the screen, tap the “+” icon to add a new account.

authenticator

Select the Work or School Account option.

work or school

Select the Scan a QR Code option.

scan qr code

Note: You may need to choose “Allow” to grant Microsoft Authenticator access to use your camera (in order to scan the QR code).

In your browser, click Next to begin your account setup.

keep account secure

A QR code that is specific to your EIU account will appear on screen. Using the Microsoft Authenticator app, scan the QR code.

qrcode

A notification will briefly appear on your phone that says, “Account added successfully.”Once you have received this notification, the words Eastern Illinois University and your EIU email address will be listed in the Microsoft Authenticator app.

Setting up Microsoft Authenticator Manually on a Mobile Phone without access to a Computer

Go to the app store or play store on your mobile device and download Microsoft Authenticator:

https://play.google.com/store/apps/details?id=com.azure.authenticator&pcampaignid=web_share

https://apps.apple.com/us/app/microsoft-authenticator/id983156458

Play store displaying Microsoft Authenticator example

Step 2: Select Work or School Account

If this is the first time you're using the app, you'll select the "Add work or School Account" option.

Add work or school account option

If you've previously used Microsoft Authenticator, you'll select the plus arrow in the top right, and then Work or School Account.

Microsoft authenticator plus button Microsoft Authenticator screen showing work or school account selected

Step 3: Sign In With your EIU Credentials

Enter your EIU email

Microsoft Authenticator showing Open in Browser Button

Click Next

Step 4: Finish Setting up on a Web Browser

Click the Open Browser button to open your default browser.

Microsoft Authenticator Screen showing Open Browser Button

If you aren't logged into your Microsoft Account, it will ask you do so again in this step.

Step 5 (Skip this Step if the Browser goes straight to Step 6): Select Add Sign in Method:

Sometimes the browser will not go straight to the next step, so you need to click Add Sign in Method:

Add Sign in Method screen

Then select Microsoft Authenticator as the option:

Microsoft authenticator Selection

Step 6: "Lets Keep your Account Secure"

Click Next on this screen:

Screen Saying Let's keep your account secure

Step 7: "Start by Getting the App":

Click Next on this screen:

Microsoft authenticator screen showing Start by getting the app

Step 8: "Set up your account in the app":

Click the Pair your account to the app by clicking this link.

Microsoft Authenticator screen showing set up your account in the app

Step 9: Allow Notifications

If Microsoft Authenticator prompts to allow Notifications, click Allow. This is necessary for it to work.

Microsoft Authenticator Allow Notifications Prompt

Step 10: Microsoft Authenticator Displays Your Account:

If this step worked, Microsoft Authenticator will display your EIU email within the home screen:

Microsoft Authenticator Home Screen

Step 11: Return to The Browser

Return to the Browser App that opened in step 4.

Select Next.

Microsoft Authenticator in Browser

Step 11: Let's Try it Out

Microsoft Authenticator will display a number on the Browser, and will notify your phone as shown below.

Mirosoft authenticator Number Prompt

Open Microsoft Authenticator through the notification. If you miss it, you can manually return to the app and it will display the prompt shown below:

Microsoft Authenticator Prompt

Select Yes

Step 12: Return Back To Browser (If not done, the pairing will not work)

Return back to the browser from the previous steps. If Successfully done, the prompt will now display Notification Approved.

Click Next.

Image Showing Notification Approved

Step 13: Complete

The Prompt will display below if fully complete. Without this screen, the authentication might not have been setup correctly.

Success!

New Phone & Managing Devices

To add a new device for Microsoft Multi-Factor Authentication (MFA), go to `https://mysignins.microsoft.com/security-info`, sign in with your EIU credentials, select + Add sign-in method, choose Authenticator app, and follow the on-screen instructions to scan the QR code displayed on your computer with the Microsoft Authenticator app on your mobile device.

Here are the detailed steps:

Navigate to Security Info: Open a web browser on your computer and go to `https://mysignins.microsoft.com/security-info`, which is your personal security information page for your Microsoft account.
Sign in: Sign in to your Microsoft account using your EIU credentials.
Add a New Method: On the Security Info page, click the + Add sign-in method button.
Choose Authenticator App: Select Authenticator app from the dropdown menu.
Get the QR Code: Click Add and then Next. A QR code will appear on your computer screen.
Download the App: On your new mobile device, download and install the Microsoft Authenticator app from your device's app store (Google Play Store for Android or Apple App Store for iOS).
Add Your Account in the App: Open the Authenticator app on your new device, tap the plus (+) icon, select Work or school account, and then tap Scan QR code.
Scan and Approve: Scan the QR code displayed on your computer with your mobile device. You may be prompted to approve the notification on your phone.
Complete Setup: On your computer, select Next to complete the setup.

Frequently Asked Questions

Why is EIU moving from Duo to Microsoft for MFA?

Microsoft now provides a full MFA solution as part of EIU’s current licensing. Moving to Microsoft reduces costs. Duo is partially funded through student fees, so this change helps us maintain IT services without increasing those fees.

Will this migration be disruptive to my work or classes?

No. You have a four week window to migrate so you can complete the process at a convenient time.

What happens if I don’t migrate by my deadline?

If you do not migrate by your assigned date, your account will be automatically moved the following week. You will be required to set up Microsoft MFA before accessing EIU systems. This may interrupt your work or classes, so we strongly recommend completing the migration early.

Can I still use Duo after I set up Microsoft MFA?

Yes. Both options will work until February 27. Once you migrate to Microsoft MFA all future MFA requests will utilize Microsoft MFA.

How is Microsoft MFA different from Duo?

Microsoft MFA uses a different mobile app, but approving a sign-in works almost the same way. You will receive a prompt on your device and confirm your login.

If I use a YubiKey, do I need to migrate now?

No. Continue using Duo with your YubiKey for now. Additional instructions will be shared soon.

How does MFA protect my account?

MFA adds an extra layer of security beyond your NetID and password. Even if someone steals your password, they cannot log in without your approval on your registered device. This helps protect your email, files, and personal information.

What if I forget my phone or device?

Call the EIU Help Desk at 217-581-4357. They can provide a temporary bypass after verifying your identity so you can access your account.

Does the Microsoft MFA app track me?

No. The app only knows general information like your city location and device type. It does not track your activity or exact location.

Why am I seeing security warnings in the app?

The app may alert you if your device has potential security risks, such as no screen lock. Addressing these warnings helps keep your account secure. If you have questions, contact the Help Desk for guidance.

What if I don’t have a smartphone?

You have options. You can use:

A tablet
A YubiKey (USB security key)

YubiKeys are available from major retailers and the EIU Bookstore. If you cannot purchase one, email info-sec@eiu.edu for assistance.

Panthertech