This scenario means that the apps that had previously obtained an access and refresh token pair will continue to function until the lifetime of the token pair is exceeded or the user changes the password. ![]() ![]() Password Hash Synchronization doesn't support password expiration. For more information, see Configure AD FS to Send Password Expiry Claims. There are three scenarios:įor a federated identity model, the on-premises identity provider needs to send password expiry claims to Microsoft Entra ID, otherwise, Microsoft Entra ID won't be able to act on the password expiration. The identity model being utilized for authentication has an impact on how password expiration is handled. If you choose to reduce token lifetimes, you can also reduce the performance of Outlook for iOS and Android, because a smaller lifetime increases the number of times the application must acquire a fresh access token.Ī previously granted access token is valid until it expires. Token lifetime values can be adjusted for more information, see Configure authentication session management with Conditional Access. OAuth provides Outlook with a secure mechanism to access Microsoft 365 or Office 365, without needing or storing a user's credentials.įor information on token lifetimes, see Configurable token lifetimes in Microsoft identity platform. A refresh token is used to obtain a new access or refresh token pair when the current access token expires. The access token grants Outlook for iOS and Android access to the appropriate resources in Microsoft 365 or Office 365 (for example, the user's mailbox). At sign-in, the user authenticates directly with Microsoft Entra ID and receives an access/refresh token pair in return. It also provides a secure mechanism for Outlook for iOS and Android to access email, without requiring access to user credentials. MSAL-based authentication uses OAuth for modern authentication-enabled accounts (Microsoft 365 or Office 365 accounts or on-premises accounts using hybrid modern authentication). MSAL authentication, used by Office apps on both desktop and mobile devices, involves users signing in directly to Microsoft Entra ID, which is the identity provider for Microsoft 365 and Office 365, instead of providing credentials to Outlook. MSAL-based authentication is what Outlook for iOS and Android uses to access Exchange Online mailboxes in Microsoft 365 or Office 365. Modern authentication is enabled by using the Microsoft Authentication Library (MSAL). Modern authentication is an umbrella term for a combination of authentication and authorization methods that include:Īuthentication methods: Multifactor authentication Client Certificate-based authentication.Īuthorization methods: Microsoft's implementation of Open Authorization (OAuth). In addition, Outlook for iOS and Android also offers IT administrators the ability to "push" account configurations to their Microsoft 365 and Office 365 users, and to control whether Outlook for iOS and Android supports personal accounts. Users with modern authentication-enabled accounts (Microsoft 365 or Office 365 accounts or on-premises accounts using hybrid modern authentication) have two ways to set up their own Outlook for iOS and Android accounts: Auto-Detect and single sign-on. The account is added.Summary: How users with modern authentication-enabled accounts can quickly set up their Outlook for iOS and Android accounts in Exchange Online. In the next screen, select which apps to configure for Microsoft 365 (Mail, Contacts, Calendars, Reminders, and Notes). Enter your NetID and password, authenticate using multi-factor authentication, and select Log In. If the Duke Log In page still isn't displayed, consider using the Microsoft Outlook app.ħ. To resolve this, update your device's operating system (if not already up to date). Important: If you do not see the Duke Log In page, the app was unable to authenticate using Shibboleth and may not support Modern Authentication. ![]() If prompted, select Work or school account. In the Exchange screen, enter your Duke email address. In the Add Account screen, select Microsoft Exchange.ĥ. In the Accounts screen, select Add Account.Ĥ. To create a new Microsoft 365 account on your iOS device, do the following:ģ. This article reflects the experience in iOS version 14.3. However, we recommend using the Microsoft Outlook app, available from the App Store. You can add your Microsoft 365 account to your device's native Mail/Calendar apps using the instructions below. Note: Duke Health users accessing Microsoft 365 from a mobile device must enroll in Mobile Device Manager (Airwatch). Documentation for this service covers the needs of all Duke users. Microsoft 365 is a shared service used by Duke University and Health System.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |