View All Resources

PennO365 with Two-Step Verification

PennO365 works with the University’s multi-factor authentication service, Two-Step Verification. Two-Step Verification provides an additional level of security to both PennKey and PennO365 credentials. For more information about the Two-Step Verification service, see

Please note that users must first be enrolled in Penn Two-Step Verification to use PennO365 with Two-Step Verification.

Recommended email and calendaring clients

For the best experience, ISC strongly recommends using Outlook for Office 365 (also known as ProPlus and click-to-run), Outlook on the Web, and Outlook apps for both Android and iOS when using PennO365 with Penn’s Two-Step Verification system. Outlook users can more easily complete initial configuration with no or minimal IT support. In addition, Outlook email and calendaring clients provide the smoothest ongoing user experience, reducing the overall support workload, and encouraging adoption.

Using O365 Two-Step

Logging into PennO365 using Two-Step Verification

Logging into PennO365 using Two-Step Verification is very similar to using Two-Step with Weblogin-protected web sites. The first thing a user will need to do is log into their PennO365 account on the website or client software.

Important note: When logging into a PennO365 account on a Windows system, be sure that the domain selected is “”.  Windows systems connected to a domain may substitute that domain’s name when logging into a PennO365 account. Should this happen, you will need to change the domain to “” to log in successfully.

Upon logging in with a PennO365 login and password, Two-Step-supported clients or web browsers will display a window similar to the following image:

Duo Universal Prompt - Duo Push screen

  • Two-Step Verification for PennO365 is only recommended with the latest version of Outlook for Office365 (formerly Click-to-Run), Outlook on the Web, and the current version of the Outlook app for both Android and iOS.
  • The use of other email clients is not recommended. In testing, native email clients such as Windows Mail, Apple Mail, the Android Mail app, and others operated inconsistently. 
  • ISC recommends using the Duo Mobile app on your iOS or Android smartphone to receive push notifications or generate Duo Mobile passcodes.
  • SMS messages, automated phone calls, and codes generated by a Duo fob are also supported.
  • See the Two-Step Verification: FAQ for more on supported second factors.
  • When you log into Outlook for the first time after enrolling, you will be prompted for a Two-Step Verification code. You will only be prompted again if there is a significant change (e.g., upgrade to Outlook), if you have signed out on that device, or haven't used the device for a longer period of time.  
  • A new login from a different device, or client (e.g., a different web browser), however, will result in a Two-Step Verification prompt.
  • To make sure no one has access to your account, please use the following steps:
    • When using a shared device, click "No, other people use this device" and be sure to sign out of your Outlook when finished.
    • Be sure to never save passwords on shared devices.
  • Use the most up-to-date versions of Microsoft Outlook on any device you use.
  • Use Duo Mobile for the best Two-Step Verification experience.
  • When you use a new device or browser for the first time, expect a verification prompt.
  • If you are using a device or computer that is used only by yourself, click "Yes, this is my device" to decrease the number of Two-Step Verification prompts you may receive. 
  • After Two-Step Verification is initially turned on for your account, you may receive multiple verification prompts; this is normal and will resolve as you access devices and browsers.