Two-factor authentication for Office 365

Two-factor authentication (2FA) is a proven way to protect your email account against the use of stolen passwords. Verify your identity with a device in your possession, commonly a mobile phone, as part of your HMS and Microsoft Office 365 sign in.

If you are new to HMS, you do not need to enable 2FA for Office 365; it is automatically enabled for new users. Existing users will have 2FA enabled in stages.

  • You have an Office 365 email account. 
  • You must be using a supported client (see below)



  • Microsoft Office 2016 for Windows or macOS
  • Built-in mail client with macOS 10.14+ (Mojave)
  • Microsoft Outlook from the iTunes or Google Play store
  • Built-in mail client with iOS 11.0+

For web-based access to email and Office 365, you must use a modern web browser. Mail clients that do not use the Outlook Web Access (OWA) protocol are not supported and will no longer work after the change is made. Email clients that utilize POP or IMAP protocols, such as Thunderbird, are not supported. Additionally, Microsoft discontinued support for POP and IMAP with O365 in October 2020.

Rollout schedule

Find out when two-factor authentication (2FA) will be required for your HMS email account. 


Harvard University uses a mobile app called ️Duo that makes the two-factor authentication (2FA) process quick and easy. 

What to expect after activating 2FA for Office 365
  • Your work should not be interrupted when ️two-factor authentication for Office 365 is enabled. If you are online and working in any of your O365 applications, you should not notice anything when we turn it on.
  • After we initially activate two-factor authentication, it typically takes 24 to 48 hours for you to notice any change because your credentials will be cached. Using an incognito or private browsing window or browser with a cleared cache should allow you to immediately see the change for web-based access to email (OWA) and O365 (for example, OneDrive, Sharepoint).
If you use: 
Then you can expect: 

The Office 365 website and apps (for example, OneDrive, Teams, SharePoint)

To occasionally see the Duo screen when you sign in.


Microsoft Outlook (2013, 2016) application on your computer

To occasionally see the Duo screen when you sign in.

Built-in Mail on your iPhone or iPad (iOS 11 or later)


To occasionally see the Duo screen when you sign in. Note – When enabling Duo for Office 365, iOS devices may require removing and re-adding your HMS email account to sync the account. The issue will present itself in the form of a credential pop-up screen. Get more information about how to resolve this issue.

Microsoft Outlook app on your mobile device (Android or iPhone) 

To occasionally see the Duo screen when you sign in.


Apple Mail (macOS 10.14 and later)

To occasionally see the Duo screen when you sign in. Note – In some instances, Apple Mail may stop downloading mail.  Apple Mail may require the removal and re-addition of your HMS email account to sync the account. Click here for more information on how to resolve this issue.

Request to opt-out 

Note that Office 365 two-factor authentication opt-out requests will be reviewed carefully but will only be granted for specific technical issues that significantly impact business operations and where the use of Outlook web-based email is not a viable solution. To request O365 two-factor authentication opt-out, fill out the online request form. Once the form is submitted, you will receive a confirmation email. You will also receive an email notifying you once a decision has been made about your opt-out request.