This will be done by means of an Android emulator.
![]()
Office 365 MFA and the Apple Mail app for iOS concern? We ourselves and several customers using Office 365 have noticed a recent issue with the Apple Mail app for iOS when Office 365 MFA is enabled. It will also stop native Mail app from working. Microsoft feel free to chime in here and tell us what the heck is going on! The 'OWA' (Outlook Web App) client for iOS and Android is not the same as the Microsoft Outlook app and does not work with Duo MFA. The iOS native mail app supports Modern Authentication and Duo in version 11 and later, however, after you enable Duo MFA for Office 365 on your iOS device, you will need to remove and re-add your email profile. If you do not require MFA, check our instructions for setting up your Apple mail. If you are using an iPhone and are required to use Multi-Factor Authentication (MFA), we recommend that you use the Outlook for iPhone app to connect to Office 365 for your mail, contacts, etc. Because the native mail app in iOS does not support MFA. Office 365 Web Apps Offer Smooth Transition from Native Apps By Ken Withee, Jennifer Reed In addition to running Office applications, such as Word and Excel on your local computer, Office 365 also includes a web version of these applications called Office Web Apps. Apr 10, 2018 Discussion about Samsung/Android Mail with Office 365 using Multi Factor Authentication. The problem is that for some reason the native Samsung/Android mail app cannot cope with this. Cannot use MFA. If your IT department does not allow using App Passwords, then you will have to use the Outlook App, or just use Office 365's.
Apple’s native iOS Mail app has a security risk. Here’s how to fix it.
Posted: 18:25:17, Monday, Sep 24, 2018 Expiration: 18:25:17, Monday, Oct 1, 2018
The UW-Madison Office 365 team identified a security issue with Apple’s native iOS Mail app that could expose NetID credentials on the network the device is connected to. Apple is aware of this security issue and has mitigated the risk in the newly released iOS 12 update. Here’s what you need to do:
If you use the iOS Mail app, follow these steps to fix it:
Native Mac Mail App With Office 365 Mfa Account
If you have an older device that is not on the list as being compatible for iOS 12, follow these steps to fix it:
Learn more
![]() Office 365 Mfa SetupFrequently Asked Questions (FAQ)What applications on the Apple device are affected?
The native Mail app on iOS is affected. It is a flaw in Apple iOS Mail’s implementation of the AutoDiscover protocol for connecting to Exchange using ActiveSync.
What Apple devices are affected?
All iOS devices are potentially affected. iPhone, iPad, iPod Touch. We have observed instances of devices with the latest version of iOS 11 being affected.
Who can observe the unencrypted passwords?
Anyone on the same network is able to observe and record user passwords. It is possible for a malicious actor to monitor a network over a long period of time to obtain passwords from affected Apple devices. An active attacker could manipulate the user into misconfiguring their device. Faculty and researchers traveling overseas could be at risk for this scenario.
On which networks are users at risk?
The vast majority of networks pose a risk for users. Public WiFi, coffee shops, airports, hotels are particularly concerning. Sending unencrypted traffic over any network, even campus WiFi, is risky.
What applications on the device can people use instead?
The app “Outlook for iOS” (named “Outlook” in the App Store) is safe to use and it is the recommended client for iOS users. It has been recommended by Microsoft and the UW-Madison Office 365 support team for the most reliable user experience.
How does Apple iOS Mail get into a vulnerable state?
The problem can be simulated on devices running iOS 11 (or lower) by unchecking “Use SSL” in the Exchange/ActiveSync account advanced settings. It is possible that people are accidentally disabling SSL. Another theory is that devices are “downgraded” to an insecure configuration based on incidental (e.g. firewalls, captivators) or malicious (e.g. man-in-the-middle) failed HTTPS network responses during the Exchange/ActiveSync Autodiscover process.
Can people fix Apple iOS Mail on their device?
Yes. Ensure that “Use SSL” is enabled in the Exchange/ActiveSync account advanced settings. We recommend people with devices running the latest version of iOS 11 or iOS 12 delete the Exchange/ActiveSync account in Settings and configure the account to ensure it’s using Office 365 Modern Authentication. This also adds compatibility with the Duo multi-factor authentication service that is being deployed at UW-Madison. People with older devices should strongly consider switching to the Microsoft Outlook app, or purchase a newer device that is capable of running iOS 12.
Did Apple fix the problem in iOS 11?
No. Apple introduced the ability for Exchange/ActiveSync accounts to use Microsoft’s new “Modern Authentication” protocol (AutoDiscover V2). However, iOS 11 still allows SSL to be disabled during the configuration of legacy/manual setup of an Exchange/ActiveSync account (AutoDiscover V1).
Can all iOS devices be upgraded to iOS 12?
No. People are actively using older hardware than cannot upgrade to iOS 11 or iOS 12. Even if Apple completely fixes the problem in iOS 12 there will be devices that remain on the network transmitting passwords in the clear.
Is this a problem with Microsoft Exchange or Office 365?
No. The Exchange/ActiveSync server is redirecting the client to use HTTPS, but this occurs after the iOS device initiated the request over HTTP with the credential mistakenly included within the request. iOS 12 fixes this flaw by not sending the password before being redirected to HTTPS. In an ideal world, Microsoft should completely disable non-SSL connections to further protect users from misbehaving email clients, but there are legacy email clients that Microsoft needs to support. Similarly, Apple cannot completely remove the ability to disable SSL in iOS 12 due to legacy Exchange servers that Apple needs to support.
Can this problem happen with non-Microsoft email servers?
Potentially, yes. This problem could occur for non-Microsoft users any time a user configures their Apple device for an Exchange/ActiveSync account in their settings.
What can DoIT do about vulnerable devices?
In Spring 2018, all users who were not using ActiveSync have had the Activesync option disabled on their UW-Madison Office 365 account. New user mailboxes are created with ActiveSync disabled, as well. People may re-enable ActiveSync on their mailbox if they choose.
-- Office 365: Christina Gomez
Created: 13:41:02, Monday, Sep 24, 2018 (by Christina G.)
Updated: 18:53:22, Monday, Sep 24, 2018 (by Christina G.)
In addition to running Office applications, such as Word and Excel on your local computer, Office 365 also includes a web version of these applications called Office Web Apps. When working with the Office Web Apps, you simply open your web browser and browse to your SharePoint portal that contains your document. You can then open or edit your document right in the web browser.
Microsoft has gone to great pains to make the Office Web Apps experience very similar to the traditional Office experience. For example, when you are writing a Word document, you expect certain behavior. Microsoft has tried very hard to make the behavior you expect while working in Microsoft Word the same as you will find when using the Office Web App version of Word that is running in your web browser.
Because Office 365 uses a SAAS model, you are always instantly up-to-date. When Microsoft releases a new version of Office, your licensing is instantly upgraded. You don’t need to wait for the IT team to finally get the new product purchased and rolled out. When Microsoft flips the switch, everyone has the latest and greatest instantly available.
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2020
Categories |