The uw.edu Entra ID domain supports two 2FA providers: Duo and Azure MFA. Users are generally encouraged to use Duo. The Microsoft Authenticator App is the primary client for Azure MFA, so if you are directed to use it, there may be a problem unless you have one of the scenarios noted below.
Duo is the primary 2FA provider at the UW and the default choice with Entra ID. To enable Duo:
- For Personal UW NetIDs: On a per-user basis, you can enable Duo with Entra ID , via ‘Opt in to use 2FA on the Web’. This will enable 2FA for all web applications that use Entra ID for authentication.
- For Admin UW NetIDs, you are required to use Duo via the Web.
- On a per-application basis, the application owner can require Duo.
The typical sign-in experience for a UW Entra ID user account with Duo 2FA enabled is detailed here.
Azure MFA is ONLY for a few scenarios, including:
- Entra ID only user accounts (which are not entitled to Duo)
- scenarios where another Entra ID tenant requires Azure MFA to access resources in that tenant
- scenarios where the user wishes to eliminate ‘Your single-use code’ email notifications from Microsoft, which are automatically generated by Microsoft when a security event of note occurs, e.g. a sign in attempt from a new device might result in generation of a single-use code as additional verification
- scenarios where the user wishes to enable Windows Hello for Business and leverage Azure MFA to do so
NOTE: Outside of the above scenarios, users are recommended to NOT add another authentication method to their UW Entra account. If you do need help with your Entra authentication methods, please refer to https://support.microsoft.com/en-us/account-billing/change-your-two-step-verification-method-and-settings-c801d5ad-e0fc-4711-94d5-33ad5d4630f7. Users which enable both Duo and Azure MFA may be prompted by both.