Step 1: The Microsoft Login Page

https://login.microsoftonline.com should be the URL of the Microsoft sign-in page. You should enter your user principal name (UPN), e.g. uniqname@med.umich.edu. 

Step 2: Enter password in Microsoft sign-in page

The Microsoft sign-in page detects your UPN and reacts by giving you the appropriate Michigan Medicine authentication experience. Note the Michigan Medicine logo at the top, the UPN you entered in step 1, and the UM-specific policy text at the bottom. You enter your password into the password field.

Current Step 3: DUO Multifactor challenge (may not be required) - Now until 2/25/26

Assuming you entered a valid password, if multifactor is required, you'll be redirected to your MFA method. Before 2/25/26, that method is DUO, labeled as Cisco DUO EAM. 

Step 3a: Hit continue to proceed with the process on validating with DUO.

Step 3b: DUO 3 digit code challenge. 

Note the Block M logo. This screen will only show the last 4 digits of any phone number used as an authentication method. For privacy purposes, we've blurred these in the screenshot below. You will go to your registered Duo device, and enter the 3 digit code shown here into the Duo Mobile app's challenge.

Step 3c: Is this your device? 

This screen asks whether this is a shared device or a device that only you use. Respond accordingly. If you answer yes, Duo will save a persistent cookie for this browser on this device to reduce the number of times you are required to satisfy Duo. This doesn't eliminate future Duo prompts entirely, but does reduce the number.

Future Step 3: Okta Multifactor challenge (may not be required) - Starting 2/25/26

Step 3a: Hit continue to proceed with the process on validating with Okta.

Step 3b: Okta number challenge. 

Based on the service, you will have the option of choosing the multifactor option, but by default users will receive a Push to Okta Verify and number challenge.