Upcoming changes to Office365
What's going on?
The University has decided that the current method of logging into Office365 using a basic username/password is no longer secure enough. As such they will be implementing new security requirements for e-mail clients (ie: the e-mail program installed on your computer/tablet/smartphone) that will go into effect starting March 1, 2022. I'm told the new requirements will be done in phases over the course of the month.
What changes are University IT implementing?
Two changes:
The use of Duo will be mandatory when your computer/device is not connected to a UR network and you're trying to connect to O365 using the mail client installed on that computer/device.
To clarify, the use of Duo is not required if:
- you're physically plugged into the UR network in your office/lab via Ethernet
- you're on a non-guest UR wireless network
- you're remotely connected to the UR network via VPN
In all other cases you must use Duo, and more importantly your mail client must have built-in support for Duo.
2) All e-mail clients will be required to use an O365-specific protocol for logging in called OAuth2 (which University IT refers to as "modern auth").
Is that all?
Unfortunately, no.
I've also been informed that on October 1, 2022 Microsoft will stop supporting the use of the industry-standard e-mail protocols for checking/sending e-mail (ie: IMAP, POP, and SMTP) and will only support the use of Microsoft-specific protocols (commonly referred to as "Exchange format") with Office365. This will also render some mail clients wholly incompatible with Office365.
So...what does this all mean?
I'm not going to lie...the combination of the security changes being implemented by University IT and the service changes being implemented by Microsoft are going to cause a lot of upheaval for several of us. Some users will need to switch to a different mail client entirely, others will need to reconfigure the one they're already using. Since there are so many ways for us to use e-mail, everybody's "solution" to this problem will be a little different.
In my mind the best course of action is for all of us to implement all three changes at one time to minimize the impact on our workflows. Decide which "supported" mail client you want to use and configure it to use Duo/OAuth2/Exchange format...this puts you in the right position to continue using O365 in the future.
Is my current e-mail client compatible with these new requirements?
Per University IT, the e-mail clients that they will officially support are as follows:
Microsoft Windows: Microsoft Outlook
Macintosh computers: Apple Mail or Microsoft Outlook
Linux: Mozilla Thunderbird (with a PAID add-on called "OWL" that adds the needed "Exchange format" support)
Apple iDevices: Apple Mail or Microsoft Outlook
Android devices: Microsoft Outlook
All of these mail clients support OAuth2, have built-in support for Duo, and can configure user accounts for "Exchange format". Note that the use of the OWL plug-in with Thunderbird may not be a long-term solution...OWL relies on some Microsoft technologies that the company considers obsolete and the company could terminate them at some point in the future.
This does NOT mean that other mail clients won't work (for example, Thunderbird on a Mac or the Evolution mail client for Linux can both be made to work), but the clients listed above are what they will be officially supporting.
What about the webmail system (OWA)?
None of these changes will have any affect on the OWA webmail interface found at http://owa.ur.rochester.edu. These changes are limited to mail clients that are locally installed on your computing devices.
Note: Do not try to use the encrypted address "https://owa.ur.rochester.edu" for accessing OWA...it doesn't work. Only the non-encrypted http version of the address works.
What if I'm already using one of the mail clients listed above?
Already being a user of one of the "supported" e-mail clients is a big plus, but it doesn't automatically mean you won't have to reconfigure your mail client(s) to make them compliant with the new security restrictions. University IT has released documentation describing how to install/modify various mail clients to enable the new requirements...that documentation is here:
https://tech.rochester.edu/tutorials/configuring-email-with-duo/
So...what do I need to do?
The first thing you need to do is NOT PANIC! 
While e-mail can get really complicated it's not an insurmountable problem and you have resources (including myself and University IT) to help you with this. Always remember that the webmail client for O365 is available in a pinch if your mail client(s) aren't functioning correctly:
My first suggestion is for you to make sure the Duo account associated with your River Campus AD account (called "UR Active Directory" in Duo) is enabled. The Duo account used for making VPN connections to the university (called "University IT NetID" in Duo) is not the correct version of Duo for O365. Here's a link for enabling the AD-version of Duo on your smartphone or tablet (the process requires you to be connected to the UR network):
https://tech.rochester.edu/enroll-in-duo/
The next thing I suggest you do is perhaps take inventory of how you currently interact with O365 (ie: what mail clients you currently use and what devices you use them on) and use this as an opportunity to possibly make some beneficial changes. Perhaps standardizing on the same mail client for all of your devices, or even changing which devices you do and don't use with O365 will improve your workflow.
Once you have an idea of how you'd like to move forward, you'll want to consult the documentation provided by University IT regarding how to (re)configure the various supported mail clients. Again, the link to that page is:
https://tech.rochester.edu/tutorials/configuring-email-with-duo/
As always, feel free to reach out to me if you have any questions or concerns.