This site requires JavaScript to be enabled
An updated version of this article is available

Office365: DUO Two factor authentication for Web-based Email

16 views

6.0 - Updated on 2020-08-24 by Aaron B Reiser

5.0 - Updated on 2020-05-06 by Chase M

4.0 - Updated on 2019-08-14 by Gary Edward Ward

3.0 - Updated on 2019-01-24 by Allen M Hernandez

2.0 - Updated on 2018-10-08 by Chase M

1.0 - Authored on 2018-09-20 by Chase M

Summary

In early October, the University will be rolling out two-factor authentication (2FA), for web-based email. Following the lead of UT System, the UT Austin Information Security Office (ISO) has made an update to the Information Resources Use and Security Policy by adding section 4.6.4  – which states that two-factor authentication is required, “when an employee or other individual providing services on behalf of the University who is working from a Remote Location accesses a web-based interface to University email.” 

What will be affected?

The configuration only impacts applications that use what Microsoft calls "Modern Authentication."  If an application authenticates to Office 365 through a pop-up web page, then the application is using modern authentication and will be affected. This change includes the Outlook Web App, Microsoft Outlook for iOS & Android, Office 365 applications like Microsoft Teams and Project Online, recent versions of the Outlook for Mac 2016 desktop application downloaded from Office 365, and the initial registration sign-in to Office applications downloaded from the Office 365 Portal (Word, Excel, Outlook, etc.). Other applications should remain unaffected by this change.

What will I need to do?

In order to access web-based email, you will need to authenticate using two factors of authentication. One factor will be your UT EID credentials, and the second factor will be something you have – such as a smart phone or other mobile device. Our 2FA solution "DUO" supports iPhone and Android smart phones or tablets, as well as land lines and mobile phones which lack the ability to run apps. In rare circumstances in which a mobile phone or land line is not an option, you may be eligible to obtain a hardware token.

The first step in activating your two-factor authentication is to enroll your device with your EID account. Once your device is enrolled, you will use that device to authenticate when you log into any University two-factor protected web application. If you have claimed your W-2 online within the past year, then you are likely already enrolled with DUO.

What will I see?

When logging in for the first time to an application that requires modern authentication, you will be presented with a DUO prompt after the login screen.

Modern Authentication on the Web

                                  

You have the option to 'remember" the device so that you will not have to re-authenticate with DUO every time you logon. Note - when we roll out the change, you will only be required to 2FA once every 30 days on trusted devices. If you have your DUO settings configured to "automatic," you will need to cancel the prompt and then you will be able to check the box and authenticate. 

 

         

You have the option to 'remember" the device so that you will not have to re-authenticate with DUO every time you logon. Note - when we roll out the change, you will only be required to 2FA once every 30 days on trusted devices. If you have your DUO settings configured to "automatic," you will need to cancel the prompt and then you will be able to check the box and authenticate. 

 

 Additional Resources

 

 Permalink: utss/KAhome.do?number=KB0017056