Beginning on 07/31/2024 Michigan Medicine no longer allows VPN access from devices that are not managed by Michigan Medicine. Managed devices include core image devices, personal phones enrolled in Intune, and ITS devices using MiWorkspace.

Contractors using Cisco Secure Client (AnyConnect) to access Michigan Medicine resources from un-managed devices must transition to Windows Virtual Desktop (WVD). Site-to-Site VPN tunnels are not being affected and will continue working.

Michigan Medicine internal resources can be accessed through secure connections only. Standard credentials are used, except to RDP to one of our servers, which requires privileged usernames and passwords. Follow these instructions to establish a secure connection and to obtain your privileged account password.

Enroll or Update Duo

• Duo enrollment only needs to be done once and may have already been done.
  • To enroll in Duo, use your unique name and password to login to https://lvl2.med.umich.edu/duoenroll.
  • Initial Duo multi-factor authentication enrollment (KB0023971)
• If you are already enrolled but need to make changes, login to http://password.it.umich.edu/
  • Duo - Adding/Changing a Phone/Token (KB0011447)  

Connect to Windows Virtual Desktop (WVD)

• We strongly recommend using the Remote Desktop client instead of a web browser to connect to WVD. 
  • Windows Virtual Desktop (WVD) - Getting Started (KB0011406)
  • Windows Remote Desktop client installation (KB0011383)
  • Mac Remote Desktop client installation (KB0011384)
• For quick incidental access, Microsoft Edge, Google Chrome, Apple Safari, or Firefox can be used via https://virtual.med.umich.edu.
  • Web client WVD access (KB0011382)
• WVD allows access to internal websites, applications like Desigo WebClient, TempTrak, Maximo, and to RDP. 
• The username for WVD is the unique name followed by @med.umich.edu even if you don't have an email address with Michigan Medicine.
• Copy/Paste between WVD and your computer will not work. You may only copy/paste within WVD or servers.
• To transfer files to WVD use OneDrive, DropBox, or similar

Obtain your Privileged Account Password

• Privileged accounts and passwords are only required to RDP to one of our servers. Use your regular username and password for everything else.
• From WVD launch a web browser and login to https://pim.med.umich.edu/PasswordVault/.
• Click on a username that begins with umhs- (UMHS dash) followed by your unique name and click on show to see the password.
  • Show password also shows when the privileged password will expire.

RDP to a Server

• If there is a site-to-site VPN connection between Michigan Medicine and your network, you may logoff from WVD and launch the Remote Desktop Connection client from your own device.
  • Otherwise, you must launch the Remote Desktop Connection client from the WVD Start Menu.
• From the Start menu type Remote Desktop and click on "Remote Desktop Connection App".
• Enter the server's name or IP address and click on "Connect".
• You must use your privileged username and password to login. Note the username in the prompt for your credentials must begin with UMHS\UMHS- (UMHS backslash UMHS dash) followed by your unique name. If it doesn't, click on "More choices" and "Use a different account" to enter your privileged username.
• Always sign out from the RDP session from the Start menu, select your user profile icon, "Sign out".
  • If you accidently close the RDP window, log back in and properly sign out.