Starting Tuesday, April 20, 2021, Two-Step Login for Office 365 will be required for all Cornell University faculty and academic NetID accounts.

How Will This Change Affect Faculty and Academic Users?

Many faculty and academic users will already be familiar with Two-Step Login from accessing resources such as Faculty Center or Canvas. Two-Step Login protection for Office 365 login uses a very similar process. Over 10,000 Cornell Office 365 users have already transitioned to using Two-Step Login without issues!

Two-Step Login does not increase how often users need to log in. It simply adds an additional authentication step when they do need to. That means that most Cornell Office 365 users will rarely, if ever, actually need to authenticate with Two-Step Login when using an app on their computer or mobile device to access Office 365. An example of when someone might need to would be when installing a fresh copy of the software. But don't worry — Two-Step Login is still giving its extra protection against malicious users.

For Outlook on the web, if a user usually needs to sign in there, then they will also be prompted to complete Two-Step Login as well.

For general information about the change, visit Before You Start Using Two-Step Login with Office 365.

Is There Anything Special You Need to Know?

Those who access email using one of the following methods will need to take extra steps to ensure the email access transitions smoothly.

• iOS Devices
  If you use the iOS Apple Mail and Calendar app to access Cornell email, you may need to refresh your account settings. Follow the instructions to Configure the Apple iOS Mail and Calendar App for Use with Two-Step Login.

• Unsupported Email and Calendar Clients
  Cornell only supports email and calendar apps from Microsoft and Apple for Two-Step Login. While other apps, such as Gmail for Android or Thunderbird, may continue to work if configured carefully by experienced users, you are encouraged to switch to a supported client. Review the list of supported clients at Before You Start Using Two-Step Login with Office 365.

• SMTP and IMAP/POP Protocols
  If you use IMAP/POP or SMTP protocols to connect to Cornell email, the most common Basic authentication method to send or read email is not compatible with Two-Step Login. You will need to take steps to use an OAuth2-supported email client configured for an Exchange account. For this reason, users are encouraged simply to switch to a supported client as detailed at Before You Start Using Two-Step Login with Office 365.

• Office 2013 and Older
  On Windows and macOS, users need to be running Office 2016 or later to be compatible with Two-Step Login. Those using Office 2013 for Windows should contact local IT support about updating it to work with Two-Step Login or upgrade to Office 2016.

Can You Opt-in Proactively?

Yes! You can enable Two-Step Login for Office 365 in advance of the April 20, 2021, deadline by following the steps described at Opt-In to Two-Step Login for Office 365. Then, test the process as described at Test Two-Step Login for Office 365.

Why Is Cornell Making This Change?

The university has been rolling this protection out in phases to all areas of the Cornell community. Two-Step Login will further improve data security for email, calendars, contacts, and other shared Office resources. After Two-Step Login has been enabled, if criminals manage to steal a user’s NetID password, they will be unable to hijack the email account or access sensitive content stored in it.

Later this year, Two-Step Login for Office 365 protection will also roll out to retirees, retired faculty, and emeriti NetID accounts. Campus administrative employee NetIDs have already been implemented.

Need Assistance?

If you encounter issues using Two-Step Login for Office 365, contact your local IT staff or the IT Service Desk for assistance.