Microsoft 365 requires that users are already provisioned inside Microsoft 365 when an authentication attempt happens. Enable Directory Synchronization in Microsoft 365 It is recommended that you have a tenant administrator account in your "" so you don't lock yourself out of your tenant.
Configure Single Sign-Onīefore configuring Microsoft 365 you'll first need to enable Duo Single Sign-On for your Duo account and configure a working Active Directory authentication source. required for SharePoint but not Yammer), see our instructions for Duo for Azure Active Directory Conditional Access. If you're interested in a Duo solution for Microsoft 365 that doesn't require installing any on-premises Duo components and allows Duo to be applied per Microsoft 365 application (i.e. Duo checks the user, device, and network against an application's policy before allowing access to the application. For example, you can require that Salesforce users complete two-factor authentication at every login, but only once every seven days when accessing Microsoft 365.
Microsoft domains federated with Duo SSO on or before Februmust update the federation configuration following the steps in Duo Knowledge Base article 7538.ĭuo Single Sign-On is available in Duo Beyond, Duo Access, and Duo MFA plans, which also include the ability to define policies that enforce unique controls for each individual SSO application. Microsoft 365 domains federated to Duo SSO after February 24th automatically have MFA support for their federated domain enabled. Once you federate a custom domain your Microsoft Online tenant with Duo Single Sign-On, all Microsoft 365 applications will redirect those federated users to Duo when they sign in, while cloud-only (non-federated) users continue to log in using the Microsoft Online sign-in form.ĭuo Single Sign-On satisfies Azure AD MFA requirements as of February 24, 2022. Duo SSO acts as an identity provider (IdP), authenticating your users using existing on-premises Active Directory (AD) and prompting for two-factor authentication before permitting access to Microsoft 365. If you require additional support, please call the Ohio State Accessibility Helpline 61.Duo Single Sign-On (SSO) is our cloud-hosted SSO product which layers Duo's strong authentication and flexible policy engine on top of Microsoft 365 logins.
If you have a disability and have trouble with any Microsoft 365 product, please reference the Microsoft Accessibility Disability Answer Desk (link is external) where you can contact Windows and Office accessibility support (link is external) through various methods.
More information is available from Ohio State's Information Security Control Requirements (ISCR) (link is external) and Password Guidance from NIST (link is external). Enable multifactor authentication where available. In these cases, be sure to set a unique and strong passphrase do not reuse your Ohio State or other passwords. Please be advised that Microsoft 365 add-ins may require you to create an account with that vendor. Learn more about third-party integrations and requesting add-ins. Microsoft 365 allows the Ohio State community to collaborate through one cloud platform delivering a wide range of productivity apps.Īccess email, store and share files, communicate with your coworkers or students, schedule meetings, track your to-do lists and more by integrating applications and downloading them on up to five devices.