Connect to Office 365 Mail with Outlook 2016 (This user guide is applicable to Outlook 2016 for DUO 2FA enabled users, while there will be slightly different for other versions of Outlook.) Table of Contents A. Set up Office 365 Mail Account on Outlook 2016. 2fa Support for consumer accounts is new to outlook 2016 (should be available in updates this month), so if you need the app password now, you soon won’t. Gmail 2fa support is coming too - I thought in the same update, but haven’t tested it yet.
What is Duo 2FA?
Passwords are essential for security and privacy, but they are often not enough. Two-factor authentication requires something you know (your Clemson password) and something you have (like a mobile phone, landline phone or the Duo smart phone app) as an added layer of security to prevent anyone else from accessing your account. Two-factor authentication is the most effective method of account takeover prevention, helping to protect both you and the Clemson community.
Why do I need Duo on my email and Office 365 account?
Implementing Duo on Office 365 and email can help prevent unauthorized access to your email and files, even if your password has been compromised. Sophisticated phishing attacks that successfully steal your credentials can automatically login to your Office 365 account from the attacker’s location. The attacker would be unable to complete the Duo authentication and your Office 365 account would be protected from compromise.
Will this affect what email client I can use?
The support clients are as follows:
Outlook 2016 2fa Microsoft Account
Client Application | Full Support | Limited Support | Not Supported |
Outlook 2016/2019/365 for Mac or PC | X | ||
Outlook for iOS and Android | X | ||
Outlook on the Web (OWA) | X | ||
Native Mail.app for macOS | macOS 10.14 + | macOS 10.13 and older * | |
Native Mail app for iOS | iOS 11.x + | iOS 10.3.3 and older * | |
Native Android Mail app | Android Mail App * | ||
Evolution for Linux | evolution-ews 3.27.91 + | ||
Thunderbird | X | ||
POP/IMAP and SMTP only clients | X |
*Applications with limited support using ActiveSync technology (basic authentication) will be phased out in the future. Please make plans to use a supported email client to avoid losing email functionality.
When will I have to begin using Duo for Office 365?
All users will use Duo for Office 365 by April 24, 2019.
When will I get the Duo prompt for Office 365?
You should only be prompted for Duo authentication when not connected to a Clemson wired, wireless (eduroam), or VPN network and attempting to connect to an Office 365 application or email for the first time via phone, tablet, or computer. You may also be prompted for Duo if your device has not recently connected to an on-campus network. Some legacy clients that do not support Duo authentication will not prompt you and you can continue using them as normal.
What happens if I get the Duo prompt and I’m on-campus and not trying to login to my email or an Office 365 app?
If you receive a Duo authentication prompt (push, text, or phone call) on your device without logging into a corresponding service that requires Duo, decline the Duo prompt (marking it as fraud) and immediately change your Clemson password. This is an indication that your credentials have been compromised and attackers are attempting to login to your Duo-protected account. Contact the CCIT Service Desk for further instructions.
For more information email ITHELP@clemson.edu or call 864-656-3494.
Beware: COVID-19 Vaccine News May Lead to New Wave of Phishing
Read MoreMicrosoft Teams and the Future of Video Calling
Read MoreOur Happy Clients
Tech Support of Minnesota takes care all my business information technology. I don't have to worry about my computers, networks or staff not working. Thanks team for taking care of us.
Rick CrawfordWe noticed that some people are having problems using Microsoft Office 365 with two-factor authentication (2FA) (also known as multi-factor authentication).
We have a few tips for you here.
First: It’s important to know that when your admin sets up 2FA for your Office 365 users, they must enable Modern Authentication (MA) for Exchange Online if users are accessing Exchange using Outlook 2016. (The versions of Microsoft Outlook before 2013 don’t support Modern Authentication.) For details on how to enable MA for Exchange Online tenants, see Enable Modern Authentication in Exchange Online.
Second: You shouldn’t have any problem using 2FA with Microsoft’s mobile Office apps, Outlook Groups, Office 2016 desktop apps, and OneDrive for Business in Windows 10. However, other applications may be incompatible, so make sure you test all the apps in your organization before enabling 2FA.
How to Connect to Office 365 Security & Compliance Center PowerShell Using 2FA.
If you set up 2FA for tenant administrator accounts, they can’t sign in to Office 365 using PowerShell. Instead, you must set up a specialized account for administrators. To do this, you must install the Exchange Online Remote PowerShell Module and use the Connect-IPPSSession cmdlet to connect to Security & Compliance Center PowerShell.
Important note from Microsoft: You can’t use the Exchange Online Remote PowerShell Module to connect to Exchange Online PowerShell and Security & Compliance Center PowerShell in the same session (window). You need to use separate sessions of the Exchange Online Remote PowerShell Module.
This is what Microsoft recommends you do:
- Open the Exchange admin center (EAC) for your Exchange Online. See Exchange admin center in Exchange Online.
- In the EAC, go to Hybrid> Setup and click the appropriate Configure button to download the Exchange Online Remote PowerShell Module for multi-factor authentication.
- In the Application Install window that opens, click Install.
Windows Remote Management (WinRM) on your computer should allow authentication by default. If basic authentication is disabled, you’ll get an error message. Now you should be able to sign into the Security & Compliance Center PowerShell by using 2FA.
After you sign in, the Security & Compliance Center cmdlets will be imported into your Exchange Online Remote PowerShell Module session and tracked by a progress bar. If you don’t receive any errors, you’ve done this successfully.
If not, and you receive errors, check the following requirements:
- Limit your open remote PowerShell connections to three. This prevents denial-of-service (DoS) attacks.
- Make sure the account you connect to the Security & Compliance Center is enabled for remote PowerShell. For more information, see Enable or disable access to Exchange Online PowerShell.
- The TCP port 80 traffic must be open between your local computer and Office 365. It may not be if your organization has a restrictive Internet access policy.
2fa Outlook 2016 Email
How to Enable 2FA in the Office 365 Admin Portal
Two-factor authentication (multi-factor authentication) can be enabled for individual users or in bulk. Before continuing, be sure to install Microsoft Authenticator on your user’s mobile devices, (not Authenticator, a similar app from Microsoft but without support for push notifications). Here’s what Microsoft says to do to enable 2FA one user at a time:
- Log in to the Office 365 admin portal using an administrator account.
- In the menu on the left of the portal, expand Users and Active users.
- In the list of users, click the user for which you want to enable 2FA. Note that only licensed users can use 2FA.
- In the user’s pane, click Manage multi-factor authentication under More settings.
- On the multi-factor authentication screen, select the user account to enable, and then click Enable under quick steps on the right.
- In the About enabling multi-factor auth dialog box, click enable multi-factor auth.
The MULTI-FACTOR AUTH STATUS should change to Enabled. Close the browser window and sign out of the admin portal.
How to Enroll an Account for 2FA
Once the feature is enabled, the user must now enroll for 2FA, and sign into Office 365 with their username and password, and then click Set it up now on the sign in screen and follow Microsoft’s instructions below:
- On the Additional security verification screen, select Mobile app
- Select Receive notifications for verification
- Click Set up
- Open the Microsoft Authenticator app on your phone and click Scan Barcode.
- Use the camera on your phone to scan the barcode in the Configure mobile app You’ll then need to wait a couple of seconds while the app activates the new account.
- Click Finished in the browser window.
- Back on the Additional security verification screen, click Contact me.
The user will receive a notification on their phone. They should open it, and they’ll be taken to the Microsoft Authenticator app.
- Click Verify to complete the sign-in process.
- Click Close in the Microsoft Authentication app.
- In the browser window, they must enter a number to receive verification codes in case they lose access to the Microsoft Authenticator app and click Next.
Web-based and mobile apps can use Microsoft Authenticator app verifications for 2FA logins, but Office desktop apps require an app password.
This final step provides the user with an app password for these apps.
- They should copy the app password by clicking the copy icon to the right of the password and paste it somewhere safe. Click Finished.
- They’ll be prompted to sign in again, this time by verifying the login using the Microsoft Authenticator app.
Important note from Microsoft:If you want to use only Multi-Factor Authentication for Office 365, don’t create a Multi-Factor Authentication provider in the Azure Management Portal and link it to a directory. Doing so will take you from Multi-Factor Authentication for Office 365 to the paid version of Multi-Factor Authentication.
2fa Outlook 2016 App
We hope this helps. It can be complicated to implement the proper settings for two-factor authentication in Microsoft Office 365. If you have any problems doing this, feel free to contact our Microsoft Experts.