System Requirements for Multi-Factor Authentication

“Legacy authentication” is a term Microsoft sometimes uses to describe basic authentication when used with its cloud-based services. This is in contrast with the term “modern authentication” which provides more security and capabilities.

As part of the ongoing effort to keep McMaster systems secure, legacy authentication has been disabled for students using Microsoft 365 email. Applications that do not support modern authentication will not be able to connect to a Microsoft 365 email account. The recommendation is to use a McMaster supported email client, Outlook Web Access.

This list is not intended to be comprehensive; it is only a list of known client applications. If you have one which should be added, please let us know.

• Outlook 2013 without special settings enabled (we recommend you upgrade)
• Outlook 2010 or earlier
• Mac Mail on Mac OS 10.13 or earlier
• Thunderbird
• Eudora
• Pine
• Android Touchdown
• Android BlueMail
• Any client application on iPhone 5 and lower (can use browsers to OWA)
• Any client application on iPad 4th generation and lower (can use browsers to OWA)
• Mail on iOS 10 or lower
• Any client application on Chromebooks (can use browsers to OWA)
• Most IMAP4 or POP3 clients
• Exchange Online PowerShell module

Legacy authentication cannot be protected by Multi-factor Authentication (MFA). Because the password is known to the application, it is less secure than modern authentication. If legacy authentication is not blocked for your account, 3rd party applications can ask for your credentials and have your password without you being aware they do.

All Microsoft cloud services are modern authentication capable.