Office365: DUO Two factor authentication for Web-based Email
Office365: DUO Two Factor Authentication for Web-based Email
Table of Contents | |||
---|---|---|---|
Two-Factor Authentication Setup Modern Authentication on the Web Modern Authentication with Mobile Devices
|
|
Summary
In October 2018, two factor authentication was implemented for all web-based access to Office 365 applications at the University. For policy information regarding the use of two factor authentication at the University, please view the Information Resources and Security Policy provided by the Information Security Office (ISO) under heading 4.6.
Two Factor Authentication Setup
The University strongly recommends downloading and installing the DUO application on all registered devices. In order to make use of two-factor authentication, you must enroll your device with the university.
Registration Steps:
1. To register a device using the DUO registration portal, click here.
2. Detailed instructions for how to enroll your device can be found on the Duo web site.
3. Once your device is enrolled, when you attempt to access a secure system which requires two-factor authentication, a separate message will be sent to your device which must be confirmed.
4. The university strongly recommends that you enroll more than one device in this service. This way, if your device becomes lost, stolen, or reset to factory conditions you will be able to use a backup device to re-enroll the affected device.
Additional Resources
- UT Service Desk Two-Factor Authentication Knowledge Base
- DUO Troubleshooting for Web-based Email
- How to Authenticate with DUO
If you need assistance enrolling your phone or to find more information about hardware tokens, please call the UT Service Desk at 512-475-9400
What will be affected?
The configuration only impacts applications that use what Microsoft calls "Modern Authentication." If an application authenticates to Office 365 through a pop-up web page, then the application is using modern authentication and will be affected. This change includes the Outlook Web App, Microsoft Outlook for iOS & Android, Office 365 applications like Microsoft Teams and Project Online, recent versions of the Outlook for Mac 2016 desktop application downloaded from Office 365, and the initial registration sign-in to Office applications downloaded from the Office 365 Portal (Word, Excel, Outlook, etc.). Other applications should remain unaffected by this change.
What will I need to do?
In order to access web-based email, you will need to authenticate using two factors of authentication. One factor will be your UT EID credentials, and the second factor will be something you have – such as a smart phone or other mobile device. Our 2FA solution "DUO" supports iPhone and Android smart phones or tablets, as well as land lines and mobile phones which lack the ability to run apps. In rare circumstances in which a mobile phone or land line is not an option, you may be eligible to obtain a hardware token.
The first step in activating your two-factor authentication is to enroll your device with your EID account. Once your device is enrolled, you will use that device to authenticate when you log into any University two-factor protected web application. If you have claimed your W-2 online within the past year, then you are likely already enrolled with DUO.
What will I see?
When logging in for the first time to an application that requires modern authentication, you will be presented with a DUO prompt after the login screen.
Modern Authentication on the Web
You have the option to 'remember" the device so that you will not have to re-authenticate with DUO every time you logon. Note - when we roll out the change, you will only be required to 2FA once every 30 days on trusted devices. If you have your DUO settings configured to "automatic," you will need to cancel the prompt and then you will be able to check the box and authenticate.
Modern Authentication with Mobile Devices
You have the option to 'remember" the device so that you will not have to re-authenticate with DUO every time you logon. Note - when we roll out the change, you will only be required to 2FA once every 30 days on trusted devices. If you have your DUO settings configured to "automatic," you will need to cancel the prompt and then you will be able to check the box and authenticate.
Permalink: utss/KAhome.do?number=KB0017056