December 14, 2024
122821_2015_Howtoconfig1.png
Today, I ma going to show you how to configure Cisco DUO two-factor authentication for Outlook Web App of Exchange 2013 and later.

Today, I ma going to show you how to configure Cisco DUO two-factor authentication for Outlook Web App of Exchange 2013 and later.

122821 2015 Howtoconfig1 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

1.Check your server versions before starting. These instructions are for Exchange Server 2013 and 2016, running on Windows Server 2012 or newer, and Exchange Server 2019, running on Server 2019. It also requires .NET Framework 4.5 and ASP.NET 4.5.

2.Login to Exchange Servers and running the following PowerShell commands to make sure you have installed .NET Framework 4.5.


Import-Module ServerManager

Add-WindowsFeature NET-Framework-45-Core

122821 2015 Howtoconfig2 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

3.Run the following PowerShell commands to make sure you have installed ASP.NET 4.5 support for IIS and HTTP Activation.


Import-Module ServerManager

Add-WindowsFeature NET-Framework-45-ASPNET

Add-WindowsFeature NET-WCF-HTTP-Activation45

122821 2015 Howtoconfig3 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

4.Run the following PowerShell commands to make sure that the IIS Management Scripts and Tools feature is turned on.


Import-Module ServerManager

Add-WindowsFeature Web-Scripting-Tools

122821 2015 Howtoconfig4 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

5.Sign up for a Duo account. The detail steps as following link.

How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #MFA #mvphour – CarySun

6.Log in to the Duo Admin Panel and navigate to Applications.

122821 2015 Howtoconfig5 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

7.On the Application page, Click Protect an Application.

122821 2015 Howtoconfig6 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

8.On the Protect an Application, locate the entry for Microsoft OWA in the applications list, click Protect.

122821 2015 Howtoconfig7 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

9.Take a note for the integration key, secret key, and API hostname. You’ll need this information to complete your setup.

122821 2015 Howtoconfig8 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

10.Download the Duo OWA Installer Package for Exchange 2013+. View checksums for Duo downloads here.

https://dl.duosecurity.com/duo-owa-latest.msi

11.Login to Exchange Server (Client Access Services).

12.Launch the Duo Security installer MSI from an elevated command prompt (right-click “Command Prompt” and select the “Run as Administrator” option). Accept the license agreement and continue.

13.Click Run at the Open File – Security Warning.

122821 2015 Howtoconfig9 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

14.At the Welcome page, click Next.

122821 2015 Howtoconfig10 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

15.Enter your integration key, secret key, and API hostname when prompted.

If you leave the “Bypass Duo authentication when offline” box in the Duo installer checked, then your users will be able to logon without completing two-factor authentication if the Duo Security cloud service is unreachable. If that box is unchecked then all OWA login attempts will be denied if there is a problem contacting the Duo service.

Duo for OWA sends a user’s Windows sAMAccountName to Duo’s service by default. To send the userPrincipalName to Duo instead, check the Send username to Duo in UPN format box. For this to work, OWA and ECP must be using Forms-Based Authentication (FBA).

If you enable the UPN username format option, you must also change the properties of your OWA application in the Duo Admin Panel to change the “Username normalization” setting to None. Otherwise, Duo drops the domain suffix from the username sent from OWA to our service, which may cause user mismatches or duplicate enrollment.

122821 2015 Howtoconfig11 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

16.Select the option to automatically generate a new key if you only have one Exchange Server is running the Client Access Server role, click Next.

122821 2015 Howtoconfig12 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

17. if you have multiple Client Access servers then you should manually generate a random string at least 40 characters long, and use the same string as the session key during installation on each of the servers, running the following PowerShell commands to generate a suitable session key.


$bytes = new-object "System.Byte[]" 40

(new-object System.Security.Cryptography.RNGCryptoServiceProvider).GetBytes($bytes)

[Convert]::ToBase64String($bytes)

122821 2015 Howtoconfig13 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

18.Enter the shared session key, click Next.

122821 2015 Howtoconfig14 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

19.Click Install to install Duo Security OWA Integration.

122821 2015 Howtoconfig15 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

20.Complete the Duo installation. The installer stops and then restarts IIS services automatically, click Finish.

122821 2015 Howtoconfig16 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

21.Repeat steps to install Duo Security OWA Integration for all Exchange Servers.

22.you can try to access OWA after install has done for all exchange servers.

122821 2015 Howtoconfig17 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

23.On the OWA Login Page, click Send Me a Push.

122821 2015 Howtoconfig18 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

24.Click Approve check mark at your phone DUO app.

122821 2015 Howtoconfig19 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

25.You will success login to OWA.

122821 2015 Howtoconfig20 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

ca16fbd3199de5f66b829b87082fb970?s=80&d=retro&r=g - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

Author: Cary Sun

Cary Sun has a wealth of knowledge and expertise in data center and deployment solutions. As a Principal Consultant, he likely works closely with clients to help them design, implement, and manage their data center infrastructure and deployment strategies.
With his background in data center solutions, Cary Sun may have experience in server and storage virtualization, network design and optimization, backup and disaster recovery planning, and security and compliance management. He holds CISCO CERTIFIED INTERNETWORK EXPERT (CCIE No.4531) from 1999. Cary is also a Microsoft Most Valuable Professional (MVP), Microsoft Azure MVP, Veeam Vanguard and Cisco Champion. He is a published author with several titles, including blogs on Checkyourlogs.net, and the author of many books.
Cary is a very active blogger at checkyourlogs.net and is permanently available online for questions from the community. His passion for technology is contagious, improving everyone around him at what they do.

Blog site: https://www.checkyourlogs.net
Web site: https://carysun.com
Blog site: https://gooddealmart.com
Twitter: @SifuSun
in: https://www.linkedin.com/in/sifusun/
Amazon Author: https://Amazon.com/author/carysun