Skip to main content

New access and security controls for Outlook for iOS and Android

We are pleased to announce new access and security controls for Outlook for iOS and Android. With today’s update, Outlook now uses Active Directory Authentication Library (ADAL)-based authentication for Exchange Online mailboxes in Office 365, replacing the previously used basic authentication method. This new authentication method enables IT administrators to configure new access scenarios for sign in to Office 365 and to better control and manage Outlook on mobile devices in their organization.

Quick introduction to ADAL-based authentication

The ADAL-based authentication stack enables Outlook to engage in browser-based authentication with Office 365. Used by Office apps on both desktop and mobile, users sign in directly to Office 365’s identity provider (Azure Active Directory) to authenticate, rather than providing credentials to Outlook. The below screenshot shows the new sign in experience for users when connecting to an Office 365 Exchange Online mailbox from Outlook.

New access and security controls for Outlook for iOS and Android 1

The new ADAL sign in page for Office 365.

This new sign in method enables new benefits for IT including OAuth for Office 365 and support for multi-factor authentication.

OAuth for Office 365

ADAL-based sign in enables OAuth for Office 365 accounts, providing Outlook with a secure mechanism to access email without requiring access to the user’s credentials. At sign in, the user authenticates directly with Office 365 and receives an access token in return, which grants Outlook access to your mailbox.

Outlook already uses OAuth for, OneDrive, Dropbox, Box and Gmail. As Exchange Server on-premises does not support OAuth, we continue to use basic authentication for these users. You can read more about how we secure user credentials for Exchange on the Office 365 Network here.

Support for Office 365 multi-factor authentication

Outlook now supports multi-factor authentication for Office 365. Multi-factor authentication helps secure the user sign-in for cloud services beyond just a single password. When enabled, users are required to acknowledge a phone call, text message, or app notification on their smartphones after correctly entering their passwords. They can sign in only after this second authentication factor has been satisfied.

Admins can learn more about turning on multi-factor authentication for Office 365 on TechNet.

New access and security controls for Outlook for iOS and Android 2

A straightforward sign in experience for users

With this update, users now have an “Office 365” login tile for connecting to an Office 365 mailbox from Outlook. As many users are used to selecting the “Exchange” tile for accessing their Office 365 email, we built intelligence into the sign in process to prevent users from getting stuck. If an Office 365 user selects Exchange out of habit, or by accident, Outlook will guide the user to login via the new ADAL sign in method.

Of course, we also have millions of users already signed in to Office 365 using basic authentication. Over the next week, all Office 365 users will receive a prompt to re-login, which will trigger the new ADAL sign in page. This will automatically convert their account from basic authentication to OAuth. If you’ve applied multi-factor authentication policies, these will immediately take effect.

New access and security controls for Outlook for iOS and Android 3

All Office 365 users will receive this prompt in Outlook, which automatically moves their account from basic authentication to ADAL-based authentication.

More to come

The ADAL-based authentication stack also lays the foundation for our upcoming support of built-in mobile device management (MDM) for Office 365, as well as the MDM and mobile application management (MAM) capabilities of Intune and the Enterprise Mobility Suite. As we announced and demonstrated (starting at 2:00 hour mark) at our recent Ignite Conference, Outlook will soon be supporting these controls for protecting mailbox data and managing mobile devices in your organization. Stay tuned to the Office blog for more details.

Have a feature request? Share your ideas with us on our new user voice site at For any support requests or to report a bug, please contact us right from Outlook by navigating to Settings > Help > Contact Support.

You may also like these articles

4 must-haves in setting up a business email like an IT pro

Email is a mission-critical application for any business. Discover four must-haves in setting up a business email like a professional.

Enterprise email—what a new business needs to know

A small investment in a business email account can be the difference between success and failure for your new business.

Exchange Server 2007—end of support coming next year

Customers who are using Exchange Server 2007 for any of their email and calendar services should begin planning to move the associated mailbox data and resources to Office 365 or update their infrastructure to a newer version of Exchange, such as Exchange Server 2016.