We are pleased to announce new access and security controls for Outlook for iOS and Android. With today’s update, Outlook now uses Active Directory Authentication Library (ADAL)-based authentication for Exchange Online mailboxes in Office 365, replacing the previously used basic authentication method. This new authentication method enables IT administrators to configure new access scenarios for sign in to Office 365 and to better control and manage Outlook on mobile devices in their organization.
Quick introduction to ADAL-based authentication
The ADAL-based authentication stack enables Outlook to engage in browser-based authentication with Office 365. With this stack, which is used by Office apps on both desktop and mobile, users sign in directly to Office 365’s identity provider (Azure Active Directory) to authenticate, rather than providing credentials to Outlook. The screenshot below shows the new sign in experience for users when connecting to an Office 365 Exchange Online mailbox from Outlook.
The new ADAL sign in page for Office 365.
This new sign in method enables new benefits for IT, including OAuth for Office 365 and support for multi-factor authentication.
OAuth for Office 365
ADAL-based sign in enables OAuth for Office 365 accounts, providing Outlook with a secure mechanism to access email without requiring access to the user’s credentials. At sign in, the user authenticates directly with Office 365 and receives an access token in return, which grants Outlook access to the user’s mailbox.
Outlook already uses OAuth for Outlook.com, OneDrive, Dropbox, Box and Gmail. As Exchange ActiveSync does not support OAuth, we continue to use basic authentication for these users. You can read more about how we secure user credentials for Exchange on the Office 365 Network here.
Support for Office 365 multi-factor authentication
Outlook now supports multi-factor authentication for Office 365. Multi-factor authentication helps secure the user sign-in for cloud services beyond just a single password. When enabled, users are required to acknowledge a phone call, text message, or app notification on their smartphones after correctly entering their passwords. They can sign in only after this second authentication factor has been satisfied.
Admins can learn more about turning on multi-factor authentication for Office 365 on TechNet.
A straightforward sign in experience for users
With this update, users now have an “Office 365” login tile for connecting to an Office 365 mailbox from Outlook. As many users are used to selecting the “Exchange” tile for accessing their Office 365 email, we built intelligence into the sign in process to prevent users from getting stuck. If an Office 365 user selects Exchange out of habit, or by accident, Outlook will guide the user to log in via the new ADAL sign in method.
Of course, we also have millions of users already signed in to Office 365 using basic authentication. Over the next week, all Office 365 users will receive a prompt to log in again, which will trigger the new ADAL sign in page. This will automatically convert their account from basic authentication to OAuth. If you’ve applied multi-factor authentication policies, these will immediately take effect.
All Office 365 users will receive this prompt in Outlook, which automatically moves their account from basic authentication to ADAL-based authentication.
More to come
The ADAL-based authentication stack also lays the foundation for our upcoming support of built-in mobile device management (MDM) for Office 365, as well as the MDM and mobile application management (MAM) capabilities of Intune and the Enterprise Mobility Suite. As we announced and demonstrated (starting at the 2:00 hour mark) at our recent Ignite Conference, Outlook will soon be supporting these controls for protecting mailbox data and managing mobile devices in your organization. Stay tuned to the Office blog for more details.
Have a feature request? Share your ideas with us on our new user voice site at UserVoice.com. For any support requests or to report a bug, please contact us right from Outlook by navigating to Settings > Help > Contact Support.