Before You Start Using Two-Step Login with Office 365
This article applies to: Two-Step Login
How It Works
Whether Two-Step Login has been mandated for your Office 365 account or you are choosing to opt in, it protects access to your email, calendar, and all other Office 365 services. It is part of the university’s comprehensive strategy and aims to improve data security for email, calendars, contacts, and other shared Office resources. After Two-Step Login has been enabled, if criminals manage to steal your NetID password, they will be unable to hijack your email account or access sensitive content stored in it.
You will rarely, if ever, need to authenticate with Two-Step Login when you use an app on your computer or mobile device to access Office 365. One time you might would be when you install a fresh copy of the software. With Outlook on the web, you will be prompted to complete Two-Step Login only if you usually need to sign in there. Don't worry, Two-Step Login is still giving you its extra protection against malicious users.
Two-Step Login for Office 365 is completely independent of opting in to expanded use of Two-Step Login with all services that use CUWebLogin. If you are subject to mandated use of Two-Step Login with CUWebLogin, that requirement will not extend to Office 365.
If you don't already have a Two-Step Login account, go to Get Started with Two-Step Login to begin the process.
Special Considerations for Users Moving to Two-Step Login for Office 365
If you access email using one of the following methods, you may need to take extra steps to ensure your email access transitions smoothly.
If you access email using the iOS Apple Mail and Calendar app, you may need to refresh your account settings. Follow the instructions to Configure the Apple iOS Mail and Calendar App for Use with Two-Step Login.
Unsupported Email and Calendar Clients
Only email and calendar apps from Microsoft and Apple are currently supported for Two-Step Login. While other apps, such as Gmail for Android or Thunderbird, may continue to work if configured carefully by experienced users, you are encouraged to switch to a supported client. See below under "Supported Applications" for details.
SMTP and IMAP/POP Protocols
If you use IMAP/POP or SMTP protocols to connect to Cornell email, the most common authentication method to send or read email is not compatible with Two-Step Login. You will need to have an OAuth2-supported email client configured for an Exchange account. For this reason, users are encouraged simply to switch to a supported client as detailed below.
Office 2013 and Older
On Windows and macOS, you will need to be running Office 2016 or later to be compatible with Two-Step Login. If you use Office 2013 (or earlier) for Windows, contact local IT support about updating it, or upgrade to Office 2016.
Two-Step Login for Office 365 is supported for:
Outlook and other Microsoft Office applications on:
Apple’s Mail and Calendar apps in:
- MacOS 10.14 (Mojave) and later
- iOS 11 and later
- Outlook on the Web (outlook.cornell.edu)
Accessing EGA Accounts on Mobile Devices
The only way to access an Exchange Group Account (EGA) on a mobile device will be via Outlook on the Web in a browser. If you are not mandated to use Two-Step Login for Office 365, do not proactively opt in if you ever use any other software for accessing your email, calendar, or other Office 365 services. Once you opt in, only the products listed above are supported.