Using Duo Two-Factor Authentication (2FA) to access Microsoft-based application and services


Beginning December 24 for students and December 31 for University employees, a new screen will now prompt users to select “Approve with Duo Two-Factor Authentication” to complete the sign-in process for Microsoft-based applications and services.

As a result of the change, students and employees may also be signed out of their current Microsoft-based applications and services, such as Outlook, OneDrive and Teams as well as any application using Microsoft sign-in, like Apple Mail and Calendar.

Step 1: The Microsoft sign-in page.

Moving forward, whenever you log in to an app or service with your Princeton Microsoft account, there will be an additional screen. 

Enter your netid@princeton.edu, as normal. 

 

Step 2: Enter password in Microsoft sign-in page

The Microsoft sign-in page detects your Princeton netID and reacts by giving you the appropriate Princeton authentication experience. Enter your password in the Microsoft sign-in page, as shown below:

Step 3: Multi-factor Authentication

Assuming you entered a valid password, you’ll be asked to “Verify your identity”. Note that this screen includes the Princeton logo at the top and the Princeton-specific help text at the bottom. You should only see “Approve with Duo Two-Factor Authentication” as shown.

If you do not see the "Approve with Duo Two-Factor Authentication" option, please call the Service Desk directly (609) 258-4357. 

Once you have chosen “Approve with Duo Two-Factor Authentication”, you will be directed to a Duo verification page.

If you previously set up Authenticator, you may be shown a different option.

If prompted to install Microsoft Authenticator, select I want to use a different authenticator app or Sign in another way and follow the prompts for Duo Two-Factor Authentication.

Step 4: Verify using Duo

You should see the same authentication methods that you have enrolled in via https://oit.princeton.edu/duo. The default method should run automatically, but you can manually pick any of the methods listed. Depending on your device, you may also see a prompt asking “Do you trust princeton.edu?”. If so, select “Continue”.

Note: This screen will only show the last 4 digits of any phone number used as an authentication method. For privacy purposes, we’ve blurred these in the screenshot above.