{"id":6756,"date":"2020-07-09T18:38:59","date_gmt":"2020-07-09T15:38:59","guid":{"rendered":"https:\/\/www.protectimus.com\/blog\/?p=6756"},"modified":"2021-02-17T20:01:27","modified_gmt":"2021-02-17T17:01:27","slug":"owa-two-factor-authentication","status":"publish","type":"post","link":"https:\/\/www.protectimus.com\/blog\/owa-two-factor-authentication\/","title":{"rendered":"How to Add Two-Factor Authentication to Outlook Web App (OWA)"},"content":{"rendered":"\n

If you read this article, you probably know the answer to the \u201cwhat is OWA\u201d question. But just in case \u2014 OWA Outlook is a browser email client to access Microsoft Outlook without any on-premises installations for Exchange 2013, Exchange 2010 users. For Microsoft Outlook update for Microsoft Exchange 2016 it was rebranded as \u201cOutlook on the web\u201d. OWA Outlook online provides access not only to email, but to other personal information like calendar, contacts, and tasks, and is widely used by businesses all over the world. With such sensitive data involved, OWA two-factor authentication becomes imperative.<\/p>\n\n\n\n

We developed two products for Outlook OWA 2FA. The first product is Protectimus OWA<\/a>, developed specifically for Office OWA integration. The second solution is Protectimus DSPA<\/a> which adds 2FA directly to the repository (Active Directory, Lightweight Directory Access Protocol, databases) and thus adds MFA to everything linked to the business AD, LDAP, etc.<\/p>\n\n\n\n

Today we will give you an in depth look into both methods. We will describe their work, show you how to implement each solution and list the tokens that support them.<\/p>\n\n\n\n

Method 1. Use Protectimus OWA 2FA Plugin<\/strong><\/h2>\n\n\n\n

Our Exchange OWA plugin is designed to integrate Outlook 2-factor authentication for mail on Microsoft Exchange 2016, Exchange 2013 as well as 2019. Protectimus installation wizard finishes a Microsoft MFA setup in 15 min tops.<\/p>\n\n\n\n

<\/p>\n\n\n

Download Protectimus OWA installer and setup instructions<\/a><\/div>\n\n\n

<\/p>\n\n\n\n

<\/p>\n\n\n\n

How it works<\/strong><\/h3>\n\n\n\n

With the plugin from Protectimus, OWA multi-factor authentication will be integrated with the OWA app only, nothing else. This method requires registering to Protectimus cloud service<\/a> or downloading our MFA platform<\/a> (contact out ), setting it up and starting the installation wizard. That is it.<\/p>\n\n\n\n

This product for OWA two-factor authentication runs either in cloud, or locally. The customer gets all the advanced features like geo and time filters, IP filters, analysis of the user environment etc. Every Protectimus token works with this plugin, and it supports third-party tokens as well.<\/p>\n\n\n\n

Supported tokens<\/strong><\/h3>\n\n\n\n

All the MFA tokens are divided into software and hardware kinds. The divide is derived from the secret key (seed) implementation. Since we are focused solely on Microsoft Outlook Exchange login here, we won\u2019t delve into details on how 2FA works. But you can always read other articles on our blog<\/a> for more info on various MFA specifics. For now let\u2019s just mention the tokens Protectimus OWA two-factor authentication supports:<\/p>\n\n\n\n\n\n\n\n\n\n\n\n
Token<\/strong><\/td>\nDescription<\/strong><\/td>\n<\/tr>\n
\n

Protectimus Slim NFC<\/a><\/p>\n

\"Programmable<\/p>\n

<\/p>\n<\/td>\n

\n
    \n
  • Hardware device that looks like a credit card.<\/li>\n
  • Programmable secret key. Which means \u2014 the token can be reprogrammed.<\/li>\n
  • 3-5 years battery life.<\/li>\n
  • Waterproof.<\/li>\n
  • $29.99\/token.<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
\n

Protectimus TWO<\/a><\/p>\n

\"Classic<\/p>\n<\/td>\n

\n
    \n
  • Hardware token, slightly bulkier than Slim NFC.<\/li>\n
  • Secret key is hardcoded, which means the token can be used for one app\/website only.<\/li>\n
  • 3-5 years battery life.<\/li>\n
  • Waterproof.<\/li>\n
  • Shockproof.<\/li>\n
  • $11.99\/item.<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
\n

Protectimus SMART OTP<\/a><\/p>\n

\"Software<\/p>\n<\/td>\n

\n
    \n
  • Software token \u2014 2FA app for iOS and Android.<\/li>\n
  • Protected with PIN.<\/li>\n
  • Can be used on multiple apps\/websites simultaneously.<\/li>\n
  • Free.<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
\n

Protectimus BOT<\/a><\/p>\n

\"Protectimus<\/p>\n

<\/p>\n<\/td>\n

\n
    \n
  • Software token.<\/li>\n
  • OWA auth OTPs are delivered via chatbots in Telegram, Facebook Messenger, Viber.<\/li>\n
  • Free.<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
\n

Protectimus MAIL<\/a><\/p>\n

\"OTP<\/p>\n<\/td>\n

\n
    \n
  • Software token.<\/li>\n
  • OTPs for OWA login are delivered via email. (The passwords have to be sent to different email clients, not OWA email)<\/li>\n
  • Free.<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n
\n

Protectimus SMS<\/a><\/p>\n

\"OTP<\/p>\n<\/td>\n

\n