2 factor authentication to access O365 email
My institution will require Duo 2-step authentication to access to its O365 Exchange email system. They want to force everyone to use desktop client Outlook, but I have used Thunderbird (with Exquilla add-on) flawlessly for years. My institution does not allow use of App Passwords. I have seen conflicting entries about how to enable TB to work well with an O365 system using Duo 2FA. I don't even know if there is a problem with TB accessing the exchange email site outlook.office365.com/EWS/Exchange.asmx if I have an active 2-step authenticated session open in a browser. I have seen conflicting statements about TB 68 vs TB 78 regarding 2FA, and the use of OAuth2 authentication, which is an option even on TB 60. Obviously I can try out various things, but the risk is losing all email access in the process without being able to easily recover (once 2FA is activated, I cannot turn it off).
In view of how many places now require 2FA and how many people use TB, I would like some clarity on how to make them work together. I hope that someone with actual knowledge/experience with this can help (I cannot imagine I am the first to want to make this work). If this belongs in a different board, let me know. Thanks.
Krejt Përgjigjet (3)
Starting with Thunderbird 77.0b (beta), Microsoft (Office) 365 OAuth2 (Modern Authentication) is supported for IMAP and POP. This means enabling 2fa is not a cause for concern. The Exchange Web Services (EWS) protocol is not natively supported by Thunderbird, hence the need to use the Exquilla add-on as a provider for EWS connectivity between your MS 365 account and Thunderbird. I'm assuming IMAP and POP access were disabled for your account by your domain admin. Your best bet is to engage the author of Exquilla and find out if the current version of the add-on works with 2fa via the EWS protocol.
Thank you! - this is really helpful. You are insightfully correct that IMAP and POP are not allowed. In the current account settings for my O365/TB/Exquilla account, it does offer an authentication method "Office 365 Multi-Factor Authentication". However, this may refer only to the 2FA system within O365 itself. In the later version history of Exquilla it says, as an added feature: "Authentication: Detect third party MFA", which I presume would be the case for Duo 2FA. (https://addons.thunderbird.net/en-US/thunderbird/addon/exquilla-exchange-web-services/versions/). I have contacted Exquilla for confirmation about this. Will post the results. Thanks again.
• Microsoft Hotmail/Outlook,etc related settings for TB . O365. • https://stackoverflow.com/a/63255601/3553808 : Access WebMail Type Of Email-WebSites From TB-WebBrowser-Tab , or , Configure TB to allow very specific OAuth2 based website-addresses in TB's Cookie-Exception list, etc, etc. (please upvote my Q+A both, inside the linked page, if its useful/helpful).
TB = Thunderbird.