Microsoft 365 apps primarily use Microsoft Azure authentication. 

If you are installing Microsoft 365 apps on a new device or using a new browser to sign in to Outlook on the web, you may be asked to authenticate with Two-Step Login as well.

However, when you login to Microsoft 365, you can:

• Check Don't show this again, and
• Select Yes on the Stay Signed In screen. 

When you take these steps and use Microsoft 365 regularly, you will rarely if ever be asked to re-authenticate with either Microsoft Azure or Two-Step Login when using the same device or, in the case of Microsoft 365 web apps, browser.

Authentication Change Starting Tuesday, April 28, 2026

On Tuesday, April 28, 2026, CIT will implement an updated, more secure version of Duo multi-factor authentication (MFA) for Microsoft applications on desktop and the web. This change enhances security for Cornell accounts by upgrading the Duo MFA protection that’s already required for all Microsoft apps.

After the change goes into effect, you will be prompted to sign-in and authenticate with the new version of Duo when opening apps such as Outlook, Teams, or OneDrive. 

Click Continue on the Verification Required window and authenticate with Duo as you normally would. 

If you are using a personal device, check Don't show this again, and select Yes on the Stay Signed In screen.

If you are using a public or shared device, do not choose to stay signed in.