Protectimus for OWA & EAC
We've created an installer that helps to set up OWA two-factor authentication (Exchange 2013, 2016, 2019) and Exchange Admin Center (EAC) in just a few minutes
Two-factor authentication for OWA and Exchange Admin Center in 15 minutes
Exchange Server 2013, 2016, 2019
Easy integration
Direct protection for Exchange
You can also use the Protectimus DSPA component for protecting access to Outlook Exchange Server. It integrates directly into Active Directory. It changes users’ passwords every few minutes: one part of the password remains unchanged, while the other is a TOTP password. In this case, you don’t need to install the Protectimus OWA component.
2FA for Exchange Admin Center
Group Policies Configuration
Supports OCRA Algorithm
OWA 2-Factor Authentication: Two Options
We offer two solutions for protecting access to Microsoft Exchange Outlook Web Access and Exchange Admin Center with multi-factor authentication
Set up two-factor authentication for Outlook Web App (OWA) or Exchange Admin Center (EAC) using the Protectimus OWA 2FA component. For hassle-free integration, download the installer and setup instructions below.
Set up two-factor authentication directly in Active Directory using the Protectimus DSPA (Dynamic Strong Password Authentication) component.
The Protectimus OWA 2FA solution allows you to:
- configure two-factor authenticationfor Outlook Web App and Exchange Admin Center exclusevely, multi-factor authentication will not be activated for any other services connected to Active Directory;
- use either Protectimus Cloud Multi-Factor Authentication Service or Protectimus Local MFA Platform;
- configure group policies during installation;
- activate two-factor authentication only for the selected Active Directory group;
- set the frequency with which users will enter one-time passwords to continue working with OWA, for example, every 12 hours;
- use any 2FA tokens for OWA and EAC two-factor authentication – HOTP, TOTP, or OCRA OTP tokens.
After deploying the Protectimus DSPA component, user passwords in Active Directory are continuously updated with time-based one-time passwords (TOTP). The password rotation interval is configured by the administrator and must be a multiple of 30 seconds.
Because Protectimus DSPA integrates directly with Active Directory, OTP-based authentication is automatically enforced across all services connected to the directory, including Outlook Web App (OWA), Winlogon, RDP, ADFS, and others.
Protectimus DSPA is available exclusively as part of the Protectimus On-Premise Platform and is not supported by the Protectimus Cloud Service. For DSPA authentication, users can generate OTPs using the Protectimus SMART authenticator app or the Protectimus BOT chatbots for Telegram, Viber, and Facebook Messenger.
The OWA component works with both the Protectimus Cloud Service and the Protectimus On-Premise Platform, allowing organizations to choose the deployment model that best fits their infrastructure and compliance requirements. Protectimus OWA supports multiple authentication methods, including authenticator apps, push notifications, email, SMS, chatbots, and hardware tokens.
Advanced features
Not only do we deliver and verify one-time passwords, but we also want to make the process of protecting Outlook OWA and Microsoft Outlook Exchange login with two-factor authentication as convenient for administrators as it is for users
User self-service
Time-based filters
Time-based filters allow you to configure OWA multi-factor authentication so that users can only log in to their accounts at certain times of day, such as during business hours. This precludes the possibility of accounts being compromised outside business hours, increasing the security level of your infrastructure.
Analytics and notifications
We provide detailed reports about the operation of the Protectimus Outlook Web App two-factor authentication service: the number of successful and failed authentications, financial information, and much more. Administrators can also receive notifications for each important system event by email or phone.
Cloud Service or On-premise Platform
Protectimus is one of the few OWA two-factor authentication providers offering a choice of two cooperation models: SAAS or on-premise platform. But as our cloud service is already set up, ready to use, and available 24/7, we recommend you to start testing our OWA multi-factor auth service by registering at service.protectimus.com
Cloud Service
The SaaS model is convenient. This is especially true when you don’t have a large number of users (less than 99) to protect with OWA two factor auth. You don’t need to think about purchasing and supporting new equipment on which to install the Protectimus two-factor authentication server, nor deploying a failover cluster or securing more infrastructure. We’ve taken care of all that for you. A powerful server cluster and load balancer work to ensure the stability of the Protectimus cloud service, distributing the load equally among all servers. We constantly monitor the state of our infrastructure and receive notifications for even the slightest deviation from the norm. All sensitive information is encrypted using a Hardware Security Module. Register for the Protectimus cloud service (service.protectimus.com) and start using Outlook Web App 2-factor authentication the very same day.
Local server
Often, corporate policies or legal regulations require the installation of a two-factor authentication server on the client’s premises. The Protectimus on-premise platform for Outlook Web App 2-step verification is ideal for these cases. Installing the Protectimus server on your own premises gives you full control over all data and processes, though it also comes with the burden of protecting the system from external threats and ensuring fault tolerance. There is no difference between the features of the cloud-based service and the local Protectimus platform for Outlook 2-factor authentication. User self-service, geographic and time-based filters, and event monitoring are all available in the on-premise version. What’s more, since the authentication server is installed within your enterprise network, you can set up two-factor authentication for Outlook Web App as an offline service.
Supported Two-Factor Authentication Methods
How to set up OWA two-factor authentication with Protectimus
Set up two-factor for OWA in just a few minutes
Registering with the Service
Register with the cloud-based Protectimus multi-factor authentication service
Choose a payment plan
Navigate to the Service plans and activate the plan that meets your needs. To start testing the two-factor authentication solution for OWA, you can just activate the Free plan for now.
Create a resource
Resources are used to logically group users and tokens. Navigate to the Resources section. Then, click Add Resource and create a resource.
Install Protectimus OWA
Use the buttons above to download the installer and open the setup guide. Then run the Protectimus OWA installer and follow the on-screen instructions.