How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

      Comments Off on How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

Today, I ma going to show you how to configure Cisco DUO two-factor authentication for Outlook Web App of Exchange 2013 and later.

122821 2015 Howtoconfig1 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

1.Check your server versions before starting. These instructions are for Exchange Server 2013 and 2016, running on Windows Server 2012 or newer, and Exchange Server 2019, running on Server 2019. It also requires .NET Framework 4.5 and ASP.NET 4.5.

2.Login to Exchange Servers and running the following PowerShell commands to make sure you have installed .NET Framework 4.5.


Import-Module ServerManager

Add-WindowsFeature NET-Framework-45-Core

122821 2015 Howtoconfig2 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

3.Run the following PowerShell commands to make sure you have installed ASP.NET 4.5 support for IIS and HTTP Activation.


Import-Module ServerManager

Add-WindowsFeature NET-Framework-45-ASPNET

Add-WindowsFeature NET-WCF-HTTP-Activation45

122821 2015 Howtoconfig3 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

4.Run the following PowerShell commands to make sure that the IIS Management Scripts and Tools feature is turned on.


Import-Module ServerManager

Add-WindowsFeature Web-Scripting-Tools

122821 2015 Howtoconfig4 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

5.Sign up for a Duo account. The detail steps as following link.

How to Configure two-factor authentication to Remote Desktop and local logons and credentialed UAC elevation prompts for free #Cisco #DUO # Remote Desktop Services #Microsoft #2FA #UAC #Free #MFA #mvphour – CarySun

6.Log in to the Duo Admin Panel and navigate to Applications.

122821 2015 Howtoconfig5 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

7.On the Application page, Click Protect an Application.

122821 2015 Howtoconfig6 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

8.On the Protect an Application, locate the entry for Microsoft OWA in the applications list, click Protect.

122821 2015 Howtoconfig7 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

9.Take a note for the integration key, secret key, and API hostname. You’ll need this information to complete your setup.

122821 2015 Howtoconfig8 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

10.Download the Duo OWA Installer Package for Exchange 2013+. View checksums for Duo downloads here.

https://dl.duosecurity.com/duo-owa-latest.msi

11.Login to Exchange Server (Client Access Services).

12.Launch the Duo Security installer MSI from an elevated command prompt (right-click “Command Prompt” and select the “Run as Administrator” option). Accept the license agreement and continue.

13.Click Run at the Open File – Security Warning.

122821 2015 Howtoconfig9 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

14.At the Welcome page, click Next.

122821 2015 Howtoconfig10 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

15.Enter your integration key, secret key, and API hostname when prompted.

If you leave the “Bypass Duo authentication when offline” box in the Duo installer checked, then your users will be able to logon without completing two-factor authentication if the Duo Security cloud service is unreachable. If that box is unchecked then all OWA login attempts will be denied if there is a problem contacting the Duo service.

Duo for OWA sends a user’s Windows sAMAccountName to Duo’s service by default. To send the userPrincipalName to Duo instead, check the Send username to Duo in UPN format box. For this to work, OWA and ECP must be using Forms-Based Authentication (FBA).

If you enable the UPN username format option, you must also change the properties of your OWA application in the Duo Admin Panel to change the “Username normalization” setting to None. Otherwise, Duo drops the domain suffix from the username sent from OWA to our service, which may cause user mismatches or duplicate enrollment.

122821 2015 Howtoconfig11 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

16.Select the option to automatically generate a new key if you only have one Exchange Server is running the Client Access Server role, click Next.

122821 2015 Howtoconfig12 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

17. if you have multiple Client Access servers then you should manually generate a random string at least 40 characters long, and use the same string as the session key during installation on each of the servers, running the following PowerShell commands to generate a suitable session key.


$bytes = new-object "System.Byte[]" 40

(new-object System.Security.Cryptography.RNGCryptoServiceProvider).GetBytes($bytes)

[Convert]::ToBase64String($bytes)

122821 2015 Howtoconfig13 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

18.Enter the shared session key, click Next.

122821 2015 Howtoconfig14 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

19.Click Install to install Duo Security OWA Integration.

122821 2015 Howtoconfig15 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

20.Complete the Duo installation. The installer stops and then restarts IIS services automatically, click Finish.

122821 2015 Howtoconfig16 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

21.Repeat steps to install Duo Security OWA Integration for all Exchange Servers.

22.you can try to access OWA after install has done for all exchange servers.

122821 2015 Howtoconfig17 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

23.On the OWA Login Page, click Send Me a Push.

122821 2015 Howtoconfig18 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

24.Click Approve check mark at your phone DUO app.

122821 2015 Howtoconfig19 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

25.You will success login to OWA.

122821 2015 Howtoconfig20 - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

Hope you enjoy this post.

Cary Sun

Twitter: @SifuSun

Web Site: carysun.com

Blog Site: checkyourlogs.net

Blog Site: gooddealmart.com

ca16fbd3199de5f66b829b87082fb970?s=80&d=retro&r=g - How to configure Cisco DUO for Outlook Web App (OWA) of Exchange 2013 and later

Author: Cary Sun

Cary Sun is an Principal Consultant, He has a strong background specializing in datacenter and deployment solutions, and has spent over 20 years in the planning, design, and implementation of network technologies and Management and system integration.He hold CISCO CERTIFIED INTERNETWORK EXPERT (CCIE No.4531) from 1997.Cary is also a Microsoft Most Valuable Professional (MVP) and Cisco Champion, He is a published author with serveral titles, include blogs on Checkyourlogs.net, author for many books. Specialties: CCIE /CCNA / MCSE / MCITP / MCTS / MCSA / Solution Expert / CCA
Blog:
http://www.carysun.com http://www.checkyourlogs.net
Twitter:@SifuSun