Before You Start Using Two-Step Login with Office 365
This article applies to: Two-Step Login
How It Works
Whether Two-Step Login has been mandated for your Office 365 account or you are choosing to opt in, Two-Step Login protects access to your email, calendar, and all other Office 365 services. It is part of the university’s comprehensive strategy and aims to improve data security for email, calendars, contacts, and other shared Office resources. After Two-Step Login has been enabled, if criminals manage to steal your NetID password, they will be unable to hijack your email account or access sensitive content stored in it.
In practice, because Office 365 lets you stay signed in on a particular device, you may rarely need to authenticate with Two-Step Login to access Office 365 on a particular computer or mobile device. (One time you might would be when you install a fresh copy of the software.) With Outlook on the web, you will be prompted to complete Two-Step Login whenever you usually need to sign in there. But don't worry, Two-Step Login is still giving you its extra protection against malicious users, who would be using a different computer.
Two-Step Login for Office 365 is completely independent of opting in to expanded use of Two-Step Login with all services that use CUWebLogin. If you are subject to mandated use of Two-Step Login with CUWebLogin, that requirement is separate from using Two-Step Login with Office 365.
If you don't already have a Two-Step Login account, go to Get Started with Two-Step Login to begin the process.
What You Will Need to Do
If you use Outlook on the Web
You will need to enroll in Two-Step Login and authenticate with Two-Step Login whenever you are required to login. How often you need to log in varies depending on your settings, but you can reduce the number of times you need to log in by clicking Yes when you see the Stay Signed In prompt during Microsoft Office sign in.
If you use the Outlook desktop app
You will need to enroll in Two-Step Login and authenticate with Two-Step Login whenever you are required to login. As you may already know, as long as you use the same device and app to access your email regularly, Office rarely requires a new login, unless you use a different device or haven’t logged in for a long time. (But you are still being protected against any malicious users who try to access your account from a different computer or smartphone.)
If you use Office 2013 or older
On Windows and macOS, you need to have Office 2016 or later to be compatible with Two-Step Login. Upgrade if you can, then enroll in Two-Step Login and authenticate with Two-Step Login whenever you are required to login. If you cannot upgrade Office 365 and Outlook, consider using Outlook on the web to access your Cornell email. It offers the familiar features of Outlook email and calendar but can be accessed through a web browser on your computer, smartphone, or tablet.
If you use an iOS device (iPhone or iPad) and Apple Mail and Calendar
You will likely need to refresh your account settings on your iPhone or iPad by removing old Cornell Exchange account settings and re-installing them. You will not lose email or contacts when you do this. Follow the instructions to Configure the Apple iOS Mail and Calendar App for Use with Two-Step Login. Then enroll in Two-Step Login and authenticate with Two-Step Login whenever you are required to login.
If you use a third-party (that is, non-Microsoft or Apple) email client or connect using POP/IMAP or SMTP
Because only email and calendar apps from Microsoft and Apple are officially supported for Two-Step Login, you are encouraged to switch to a supported client. Review the list of supported clients at Before You Start Using Two-Step Login with Office 365. Once you switch to a supported client, enroll in Two-Step Login and authenticate with Two-Step Login whenever you are required to login.
If you use IMAP/POP or SMTP protocols to connect to Cornell email, the most common Basic authentication method is not compatible with Two-Step Login. Again, you are encouraged to switch to Outlook on the web or a supported client. Apps such as Gmail for Android or Thunderbird may continue to work if configured carefully by experienced users with OAuth2 and your Exchange account.
If you forward all your email to another email service
Two-Step Login should not affect you. However, if, in the future, you want to change forwarding settings, you would need to confirm your login with Two-Step Login to do that.
Two-Step Login for Office 365 is supported for:
- Outlook and other Microsoft Office applications on:
- Apple’s Mail and Calendar apps in:
- MacOS 10.14 (Mojave) and later
- iOS 11 and later
- Outlook on the Web (outlook.cornell.edu)
Accessing EGA Accounts on Mobile Devices
The only way to access an Exchange Group Account (EGA) on a mobile device will be via Outlook on the Web in a browser. If you are not mandated to use Two-Step Login for Office 365, do not proactively opt in if you ever use any other software for accessing your email, calendar, or other Office 365 services. Once you opt in, only the products listed above are supported.