General Compatibility

• Fully Supported (will work with 2FA): Outlook on the Web (OWA), Outlook 2019 or higher (desktop), and Outlook mobile apps (Android or iOS)
• Not Supported: Mac Mail (requires Mojave OS), iOS native mail app (requires iOS 11 or later)
• Not Compatible: Everything else is not compatible including the Android native mail and IMAP-based clients

Overall Expectations

• Frequency: You will only see 2FA when you are prompted to log in.
• Requirements: Applications must support “modern authentication” – the web-based login used by Office 365 that provides a standard login experience regardless of application or type of device.
• 2nd Factor Options: Only Duo Push and Passcode (e.g. via Duo Mobile, printed bypass code, or Yubikey) options are available for Office 365 applications. Voice Callback and SMS Text are not available for any Mason 2FA applications except the 2FA Account Management Application at https://2faaccount.gmu.edu. See List of 2FA Authentication Options.

Desktop/Laptop

ITS supports the Microsoft-based applications as these are guaranteed to work with the Microsoft modern authentication and 2FA. For additional information about application support with Duo and Office 365, visit Duo's Guide to Office 365 mail client behavior when using Basic and Modern Authentication with Duo.

• If you use the Outlook Desktop Client (PC or Mac)
  • Office 2019 software is required
  • 2FA window will appear the next time you are prompted to enter your password, typically after changing your password
• If you use Office 365/Outlook on the Web (via browser) at mso365.gmu.edu
  • Log out and log back in—this refreshes your session and guarantees the 2FA prompt is seen. It is a great way to test the process (see picture above).
  • If prompted and not on a shared machine, the team recommends that you use the "Stay Signed In" option. This reduces the number of login prompts.
• If you use Other Email/Calendar Client Applications (NOT supported by ITS)
  • Apple Mail: Per Apple, OS X 10.14 (Mojave) and higher support the use of modern authentication. Apple Mail may work with 2FA and Office 365 if you run this OS.
  • Thunderbird/Other Clients: They do not work. These are not compatible with 2FA, as they do NOT support the modern authentication requirement.
• Other Office 365 Applications (Word, Excel, PowerPoint, etc.) on your desktop
  • If you have your One Drive for Business account connected, you may be prompted to log in again and enter your 2FA information.
  • Do Not check the “Remember Me” checkbox—it does not work in this situation; however, Office 365 will keep you logged in automatically, as it leaves a token on your machine

Mobile Device/Smartphone

The Outlook mobile app, available through your device’s app store, will work with 2FA. For additional information about the mobile app and download instructions, see https://products.office.com/en-us/outlook-mobile-for-android-and-ios. Other Office 365 mobile applications (e.g., Teams, Word, OneDrive, etc.) will log in like the Outlook mobile app.

• iPhone (iOS)
  • Native Mail App (email, calendar): iOS 11 or higher is supported. If you have issues with the native app on your iPhone, DELETE your Mason account from the phone and re-add it. This will refresh the authentication and ensure it is logging in properly. You will not lose any data.
  • Outlook Mobile App: supported
• Android
  • Native Mail App: The native mail app on Android will not work; it does not support the modern authentication requirement.
  • Outlook Mobile App: supported
• If you use Office 365/Outlook on the Web (via browser) at mso365.gmu.edu
  • Log out and log back in—this refreshes your session and guarantees the 2FA prompt is seen. It is a great way to test the process (see picture above).
  • The team recommends that you use the "Stay Signed In" option. This reduces the number of login prompts.