This article provides step-by-step instructions for setting up, changing, and resetting multi-factor authentication (MFA) for your UNC accounts, managing your verification methods and trusted devices, and updating your default verification preferences.
To keep your Microsoft 365 account safe, the University uses a security method called 2-Step Verification. With this method, you verify your identity before you see certain sensitive information or access your Microsoft 365 applications. You may verify with the Microsoft Authenticator App, a phone call, or a passcode sent through a text message.
Before You Begin
Prerequisites: Before you can set up Multi-Factor Authentication (MFA), ensure you have the following:
- Onyen & password – If you don’t have one, visit Onyen Services and select Create or Reactivate Onyen to register.
- UNC email address – To sign up visit SelfService and select Email Sign-up, you will receive a notification once the process is complete.
- Duo Security – Visit 2-Step Verification: Duo Security and follow the steps to enroll if you haven’t already.
Note: Office 365 does not current support Hardware Tokens (e.g. (YubiKeys) or Security Keys.
Recommended. Set up multiple verification methods to maintain access in case your primary device becomes unavailable.
In This Article:
Setting up MFA
You can setup MFA using the Microsoft Authenticator app, A phone call, or via text message.
MFA Setup - Microsoft Authenticator App (Preferred)
- Please start by going to the Microsoft 365 landing page. https://Office.unc.edu
- Sign in using your your Onyen@ad.unc.edu email address and Onyen password.
- On the More information required page, select Next.
- On the next screen you will be prompted to download and install the Microsoft Authenticator App.
- On a smartphone, go to the app store and install the Microsoft Authenticator if it is not already installed. The application is published by Microsoft Corporation.
- Open the Microsoft Authenticator app if it is not already open and select Set up your account, if prompted allow notifications.
- If you already have an account select the + sign to add a new account.
- Select Work or School Account.
- Select Scan QR code.
- Back to the computer, select Next on the Start by getting the app screen.
- Select Next again on the Set up your account page.
- Use the MFA app on your smartphone to scan the QR code displayed on the computer's screen. Your account should now be added to the Microsoft Authenticator App.
- On the computer, select Next.
- A verification code will be sent to your smartphone. Enter the code in the app and approve the login to proceed.
- On your Computer Select Next.
- Once the notification is approved you will received a screen confirming it was approved, and confirming the default sign in method. Please hit Done.
- MFA is now setup!
MFA Setup - Phone Call/SMS Methods
- Please start by going to the Microsft 365 landing page. https://Office.unc.edu
- Sign in using your your Onyen@ad.unc.edu email address and Onyen password.
- On the More information required page, select Next.
- On the Start by getting the app screen. click I want to set up a different method.
- You will be prompted to Chose a different method Select Phone.
- From the Phone screen, enter your phone number. Choose the desired method: Call me or Receive a code
- Click Next.
- If you selected Call me, you will receive a call from Microsoft, tap the # key on your phone to approve the authentication.
- If you selected Receive a code, you will receive a text message. Enter in the code sent to your phone to approve the authentication.
- you'll see a message saying verification is complete. Click Next.
- The final notification will confirm that your MFA authentication has been successfully linked to your account. Click Done.
Note: The University recommends setting up an additional authentication method other than the default. For example, if you set up the Microsoft Authenticator App as the default, setting up a landline (if one is available) would be great. That way if you lose or forget your mobile device you will be able to authenticate. Please follow the steps bellow under
Adding Devices to set up the additional method.
Modifying Existing MFA Settings
Add Verification Methods
- Please start by going to the Microsoft 365 landing page. https://Office.unc.edu
- Sign in with your Onyen@ad.unc.edu (use this exact format).
- Click on your profile photo or initials at the lower-left.
- On your profile panel, click View Account. A new tab My Account will open.
- On the new tab, on the Security Info tile, click Update Info.
- To add a new device, click + Add sign in method near the top.
- Microsoft offers seven different methods that can be used for 2-step verification:
- Passkey in Microsoft Authenticator: This option will allow you to use your phone itself to verify your identity via Bluetooth, the phone must be present at the device you authenticate against.
- Security key: These cannot be used currently.
- Microsoft Authenticator app (recommended): This option will guide you through setting up an app, such as the Microsoft Authenticator app, on your mobile device.
- Hardware token: These cannot be used currently.
- Phone: This will allow to set up a phone to receive calls/texts to verify logins.
- Alternate phone: This is an option to set up a new phone that can be used, if your primary phone is unavailable.
- Office phone: This option can only receive calls, so you can add an office number or any landline to verify your logins through a phone call. This option will not appear if there is already an Office phone listed on your account, to add a new Office phone the previous one must be removed.
- Select the method of your choosing and add the device following the directions provided.
Remove Verification Methods
- Please start by going to the Microsoft 365 landing page. https://Office.unc.edu
- Sign in with your Onyen@ad.unc.edu (use this exact format).
- Click on your profile photo or initials at the lower-left.
- On your profile panel, click View Account. A new tab My Account will open.
- On the new tab, on the Security Info tile, click Update Info.
- Select Delete next to the option you would like to remove.
- You will receive a confirmation prompt asking if you are sure you would like to delete this method for your account, select OK.
Set/Change Default Verification Methods
- Please start by going to the Microsoft 365 landing page. https://Office.unc.edu
- Sign in with your Onyen@ad.unc.edu (use this exact format)
- Click on your profile photo or initials at the lower-left.
- On your profile panel, click View Account. A new tab My Account will open.
- On the new tab, on the Security Info tile, click Update Info.
- Near the top of the screen, click Change next to "Sign-in method when most advisable is unavailable"
- On the Change default method pop-up, choose the default sign-in option from the drop-down.
- Click Confirm to save your changes.
Resetting MFA
- Please start by going to the Self Service Page.
- If you are prompted to sign in, please use your Onyen and Password.
- Approve the sign in with 2-Step Authentication for DUO if directed.
- Select MFA Reset from the list in the center of the page or on the menu on the left hand side of the page (These links lead to the same page).
- Select Reset.
- You should see the message "MFA is not enabled for this account, Please proceed with enabling MFA for your account" this indicates that MFA has been reset.
- Right click on Microsoft 365 landing page and open it in a new private browsing window or use a different browser to go to https://office.unc.edu
- Sign in with your Onyen@ad.unc.edu address and password. If you are not prompted to Sign in, please try using a different Internet browser, or signing out and then loading the page again.
- You should now be prompted to Sign up for MFA and can follow the steps from Setting Up MFA.
Note: If you are unable to reset MFA using the Self Service website, or run into any issues with the provided steps. You can contact the
UNC ITS Service Desk for assistance with MFA or for MFA to be manually reset.