Outlook on the web, or Outlook Web Access (OWA), is the browser-based counterpart to the on-premises email and task management application Microsoft Outlook. With the solution providing enterprise users access to their email, calendars, tasks, and contacts from Microsoft Exchange directly from their web browsers, securing logins to OWA is pivotal. The existing username and password-based authentication process is not considered secure enough. Unauthorized access to a user's OWA interface risks the exposure of sensitive business information and confidential email correspondence between users.
An effective solution is to supplement the logins with further authentication levels through two-factor authentication or multi-factor authentication (MFA). ManageEngine's ADSelfService Plus, an integrated self-service password management and single sign-on solution, accomplishes this. The product provides MFA for OWA and Exchange admin center (EAC) logins by implementing additional authentication steps in addition to the default username and password. This means that even if a user's credentials are misused, the enforced MFA process prevents the user account from being compromised. Unlike other solutions, ADSelfService Plus does not offer just two-factor authentication, but also includes options to enable a maximum of three additional authentication factors. MFA is achieved through various authentication methods including biometric authentication, Microsoft Authenticator, and YubiKey Authentication.
To configure MFA for OWA and EAC logins, the ADSelfService Plus' OWA connector must be installed in the Exchange server. The connecter acts as the intermediary between the Exchange server and ADSelfService Plus to enable MFA during OWA and EAC logins. Once these requirements are fulfilled, the process shown below takes place:
MFA for OWA and EAC logins can be configured for the following Exchange versions:
Employing ADSelfService Plus' MFA for OWA logins offers the following benefits:
Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console.
Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus!
Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.
Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more.
Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.