Penn Office 365 - Two Factor Authentication
PennO365 (University) will require DUO two factor authentication (2FA) for email starting March 29th. This change will add an additional level of security to email clients and ensure that only you can access your email account
Beginning March 29th, when checking PennO365 email on your devices you will be presented with the DUO 2FA prompt. This is the same prompt that is seen when logging into any PennKey authenticated service. Also note that if this is a device you frequently use to check your email, on the DUO prompt screen you can check “Remember me for 30 days” to avoid being prompted for DUO again.
DART recommends using Outlook (app or web) to access your email. Accessing O365 email through other mail apps (Apple/iOS Mail, Windows Mail, native Android email app, etc) is more likely to cause configuration and support issues.
Please review the FAQ below and watch for more information in the next few weeks.
Question/concerns? Please contact your LSP or enter a helpdesk ticket.
Can I opt out of DUO 2FA on PennO365?
- No, DUO 2FA will be required for everyone accessing PennO365 email.
What Office 365 clients can I use with Two-Step Verification for PennO365?
- Two-Step Verification for PennO365 is only recommended with the latest version of Outlook for Office365 (formerly Click-to-Run), Outlook on the Web, and the current version of the Outlook app for both Android and iOS.
- The use of other email clients is not recommended. In testing, native email clients such as Windows Mail, Apple Mail, the Android Mail app, and others operated inconsistently.
When will I have to use Two-Step Verification for PennO365? How often will I be prompted for the second factor?
- When you log into Outlook for the first time after enrolling, you will be prompted for a Two-Step Verification code. You will only be prompted again if there is a significant change (e.g., upgrade to Outlook), if you have signed out on that device, or haven't used the device for a longer period of time.
- Once you've registered an Outlook client on a device and selected the "Remember me for 30 days", you do not need to register for the life of the device if that client and device are regularly used. The 30-day clock restarts each time you use the Outlook client on that device.
- A new login from a different device, or client (e.g., a different web browser), however, will result in a Two-Step Verification prompt.