Outlook for iOS and Android gives Office 365 users a more secure sign-in option

The changes add support for two-factor authentication, and don't require users give the app their password

Office 365 users have a new, more secure method of logging into Microsoft's Outlook apps for iOS and Android, thanks to an update the company announced Wednesday.

The update, which will be rolling out over the next few days, adds a new Office 365 sign-in tile to the app, which lets a user access the Exchange Online email associated with their Office 365 account. Logging in through that tile will allow users to authenticate through Office 365's identity provider directly, rather than storing their log-in credentials in the Outlook app. Once someone has logged in using that system, Office 365 will pass the app a token that it can use to access the email account going forward without access to a user's password.

Outlook for iOS and Android already uses that same OAuth-based system for other services that it integrates with, like Outlook.com, OneDrive, Dropbox and Gmail.

Using this login system, powered by Microsoft's Active Directory Authentication Library, provides users and IT administrators with a number of security benefits, including full support for multi-factor authentication when they sign in. The Outlook application will also never save a user's Office 365 password, because the login process is handled directly by the service's identity provider. Users and administrators can also revoke the token the app has been given in the event a device is lost or stolen, which will prevent unauthorized access to the data without requiring a password change.

Office 365 users who already use the app through its Exchange sign-in option will be prompted over the coming days to change to the new Office 365 method, so they can reap the added security benefits.

The security upgrade sets the stage for future updates that will provide enterprise IT administrators with greater control over how people can use data from their company email accounts. Later this year, Microsoft will roll out an update providing added security features like the ability to restrict users' ability to copy and paste text from their email.

All of this is based on Microsoft's acquisition of Acompli late last year. That company's email app is the foundation for Outlook for iOS and Android, and a key part of Microsoft's ongoing push to get its applications and services onto mobile devices running its competitors' operating systems. Earlier this month, Microsoft acquired 6Wunderkinder, the company behind to-do list app Wunderlist, to further its cross-platform ambitions.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies