Troubleshooting Update: 2FA for Office 365
If you are experiencing issues receiving email on your mobile device or Outlook desktop client following the addition of Two-Factor Authentication (2FA) to your Office 365 account, you can still access your email via mso365.gmu.edu.
This provides information on what to expect as you start using 2FA with Office 365.
Background
Two-Factor Authentication (2FA) for Office 365 provides additional security on ALL Office 365 applications, including email, calendar, OneDrive for Business, and more.
This allows for the storage of sensitive documents in both OneDrive for Business as well as shared file storage areas within other Office 365 applications such as Project Online and Microsoft Teams. 2FA is required to use those services and will be required for all Mason employees in spring 2020.
Unlike other applications that already use Mason’s 2FA, Office 365 is a service that has multiple points of entry including:
- Desktop Applications
- Web Applications
- Mobile Applications
- 3rd Party Applications
Each Office 365 point of entry may behave slightly differently based on user, operating system, hardware, and/or browser. As credentials are often saved for Office 365 applications, users may not notice an immediate change when 2FA is enabled. As such, there are not always definitive responses to how technology will behave. If you are not running a supported software version, upgrade before the 2FA launch, or risk being unable to access your Office 365 account.
General Compatibility
- Fully Supported (will work with 2FA): Outlook on the Web (OWA), Outlook 2019 or higher (desktop), and Outlook mobile apps (Android or iOS)
- Not Supported: Mac Mail (requires Mojave OS), iOS native mail app (requires iOS 11 or later)
- Not Compatible: Everything else is not compatible including the Android native mail and IMAP-based clients
Overall Expectations
- Frequency: You will only see 2FA when you are prompted to log in.
- Requirements: Applications must support “modern authentication” – the web-based login used by Office 365 that provides a standard login experience regardless of application or type of device.
- 2nd Factor Options: Only Duo Push and Passcode (e.g. via Duo Mobile, printed bypass code, or Yubikey) options are available for Office 365 applications. Voice Callback and SMS Text are not available for any Mason 2FA applications except the 2FA Account Management Application at https://2faaccount.gmu.edu. See List of 2FA Authentication Options.
Desktop/Laptop
ITS supports the Microsoft-based applications as these are guaranteed to work with the Microsoft modern authentication and 2FA. For additional information about application support with Duo and Office 365, visit Duo's Guide to Office 365 mail client behavior when using Basic and Modern Authentication with Duo.
- If you use the Outlook Desktop Client (PC or Mac)
- Office 2019 software is required
- 2FA window will appear the next time you are prompted to enter your password, typically after changing your password
- If you use Office 365/Outlook on the Web (via browser) at mso365.gmu.edu
- Log out and log back in—this refreshes your session and guarantees the 2FA prompt is seen. It is a great way to test the process (see picture above).
- If prompted and not on a shared machine, the team recommends that you use the "Stay Signed In" option. This reduces the number of login prompts.
- If you use Other Email/Calendar Client Applications (NOT supported by ITS)
- Apple Mail: Per Apple, OS X 10.14 (Mojave) and higher support the use of modern authentication. Apple Mail may work with 2FA and Office 365 if you run this OS.
- Thunderbird/Other Clients: They do not work. These are not compatible with 2FA, as they do NOT support the modern authentication requirement.
- Other Office 365 Applications (Word, Excel, PowerPoint, etc.) on your desktop
- If you have your OneDrive for Business account connected, you may be prompted to log in again and enter your 2FA information.
- Do Not check the “Remember Me” checkbox—it does not work in this situation; however, Office 365 will keep you logged in automatically, as it leaves a token on your machine
Mobile Device/Smartphone
The Outlook mobile app, available through your device’s app store, will work with 2FA. For additional information about the mobile app and download instructions, see https://products.office.com/en-us/outlook-mobile-for-android-and-ios. Other Office 365 mobile applications (e.g., Teams, Word, OneDrive, etc.) will log in like the Outlook mobile app.
- iPhone (iOS)
- Native Mail App (email, calendar): iOS 11 or higher is supported. If you have issues with the native app on your iPhone, DELETE your Mason account from the phone and re-add it. This will refresh the authentication and ensure it is logging in properly. You will not lose any data.
- Outlook Mobile App: supported
- Android
- Native Mail App: The native mail app on Android will not work; it does not support the modern authentication requirement.
- Outlook Mobile App: supported
- If you use Office 365/Outlook on the Web (via browser) at mso365.gmu.edu
- Log out and log back in—this refreshes your session and guarantees the 2FA prompt is seen. It is a great way to test the process (see picture above).
- The team recommends that you use the "Stay Signed In" option. This reduces the number of login prompts.
Related FAQs
Expand All Collapse All