Pricing  Get Quote

MFA for OWA logins

Multi-factor authentication for OWA logins

Outlook on the web, or Outlook Web Access (OWA), is the browser-based counterpart to the on-premises email and task management application Microsoft Outlook. With the solution providing enterprise users access to their email, calendars, tasks, and contacts from Microsoft Exchange directly from their web browsers, securing logins to OWA is pivotal. The existing username and password-based authentication process is not considered secure enough. Unauthorized access to a user's OWA interface risks the exposure of sensitive business information and confidential email correspondence between users.

Secure OWA logins with ADSelfService Plus

An effective solution is to supplement the logins with further authentication levels through two-factor authentication or multi-factor authentication (MFA). ManageEngine's ADSelfService Plus provides MFA for OWA and Exchange admin center (EAC) logins by implementing additional authentication steps in addition to the default username and password. This means that even if a user's credentials are misused, the enforced MFA process prevents the user account from being compromised. Unlike other solutions, ADSelfService Plus does not offer just two-factor authentication, but also includes options to enable a maximum of three additional authentication factors. MFA is achieved through various authentication methods including the phishing-resistant and passwordless FIDO2 authentication, and biometric authentication.

How does MFA for OWA logins work?

To configure MFA for OWA and EAC logins, the ADSelfService Plus' OWA connector must be installed in the Exchange server. The connecter acts as the intermediary between the Exchange server and ADSelfService Plus to enable MFA during OWA and EAC logins. Once these requirements are fulfilled, the process shown below takes place:

Multi-factor authentication for OWA logins

  1. The user attempts to login to OWA or the EAC.
  2. The user is asked to complete the primary authentication in OWA application.
  3. If this is successful, the OWA application passes a request to the ADSelfService Plus connector which informs ADSelfService Plus to proceed with the authentication factors.
  4. If the user completes all the required authentication factors successfully, they are logged in to OWA or the EAC.

MFA for OWA and EAC logins can be configured for the following Exchange versions:

  • Exchange Server 2012
  • Exchanger Server 2013
  • Exchanger Server 2016
  • Exchanger Server 2019

Supported authentication methods:

  1. FIDO passkeys
  2. Fingerprint
  3. Face ID authentication
  4. Duo Security
  1. Microsoft Authenticator
  2. Google Authenticator
  3. YubiKey Authenticator
  4. Email verification

Learn more about the MFA authenticators that ADSelfService Plus supports for OWA logins.

Why choose ADSelfService Plus?

Employing ADSelfService Plus' MFA for OWA logins offers the following benefits:

  • Customizable and granular configuration: Enable specific authentication methods and number of authentication factors for users belonging to certain domains, groups, and organizational units.
  • Real-time audit reports: View detailed reports on OWA and EAC login attempts with information like time of logon, authentication methods used, and authentication success or failure status.
  • Holistic configuration: Use MFA to secure OWA and EAC logins, as well as local and remote logins into Windows, macOS, and Linux machines, and secure VPN logins for comprehensive endpoint security.
  • Achieve regulatory compliance: Comply with regulatory mandates such as the NIST and PCI-DSS which recommend enabling MFA for accessing email accounts.

Secure enterprise emails with MFA for Outlook on the web

  Download a free trial now!  Request demo


1. What is OWA?

Microsoft's Outlook on the web, previously known as Outlook Web App or Outlook Web Access (OWA), is an online email service that enables users to access their email, calendar, and contacts from any computer that is connected to the internet. Outlook on the web is tailor-made to function on web browsers, and it offers users a means to manage their email and other data remotely.

2. What does OWA MFA do?

Normally, while connecting to Outlook on the web, users are authenticated using only a username and password. MFA for Outlook on the web ensures that users verify their identities with multiple authenticators alongside usernames and passwords while logging in to Outlook on the web.

3. Does my organization need MFA for Outlook on the web?

Yes, it is essential to safeguard all Outlook on the web and Exchange admin center (EAC) logins in your organization using MFA. To prevent breaches, it is recommended to use strong identity verification measures like biometrics instead of the traditional username and password method, especially since Outlook gives users access to their email, calendar, tasks, and contacts from any web browser anywhere. On enabling MFA for on-premises Exchange and Outlook on the web, you can prevent user accounts from being compromised even if their credentials are compromised by attackers.

4. How do I set up MFA for Outlook on the web in my organization?

You can easily deploy MFA for Outlook on the web and EAC logins in a few simple steps using ADSelfService Plus. ADSelfService Plus allows you to enable more than two authenticators during login, and includes strong authenticators such as FIDO passkeys, biometrics, and YubiKey.

Check out this detailed walkthrough on how you can set up MFA for Outlook on the web in your organization using ADSelfService Plus. You can also schedule a personalized web demo with our product experts, or get in touch with our sales team at +1.312.528.3085 or for any further assistance.


Password self-service

Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console. 

One identity with Single sign-on

Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus! 

Password/Account Expiry Notification

Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.

Password Synchronizer

Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more. 

Password Policy Enforcer

Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.

Directory Self-UpdateCorporate Search

Portal that lets Active Directory users update their latest information and a quick search facility to scout for information about peers by using search keys, like contact number, of the personality being searched.

ADSelfService Plus trusted by