MFA Legacy FAQ

Why are Legacy applications no longer allowed?

Legacy mode is no longer allowed because Legacy applications bypass the protection provided by MFA. Because of this risk, it is important that we fully protect all accounts using MFA.

Currently, accounts which have Legacy mode enabled are not fully protected by MFA. An attacker could still take over such an account and send out phishing emails impersonating the account owner which makes the phishing attack much harder to detect. Additionally, an attacker could potentially access sensitive information within the account.


What does "Legacy" mean?

"Legacy" is the term used to describe an application that uses an older method of authentication. This means that when you log in using a Legacy application, the login process cannot be protected by newer security technologies such as Multifactor Authentication (MFA). Individuals have had the ability to "opt-in" to legacy mode if they need to use a Legacy application, however, accounts which allow Legacy applications are not fully protected from an attacker taking over the account.

How old can my device be in order to work with Duo MFA?

It depends. It is less a question of the age of the device as it is the application that is being used. Legacy applications exist for the newest devices as well as devices that are quite old, so it is important to make sure that your device is compatible with one of the supported applications. In some cases, there may not be a supported application compatible with older devices.

What applications work with Office 365?

These applications have been tested and are known to work:

OS Applications

Microsoft Windows

Microsoft Office 2016 (recommended)
Microsoft Office 2013 (with additional configuration)
Apple Mac OS X Microsoft Office 2016 (recommended)
Mac Mail (10.14 Mojave and higher)
Android Outlook for Mobile (recommended)
Apple iOS Outlook for Mobile (recommended) (for iOS 11+)

Additionally, logging in using any current web browser should work.

What applications do not work with Office 365?

The applications listed below have been identified as "Legacy" applications and will no longer work:

OS Applications
Microsoft Windows Thunderbird
Microsoft Office 2013 and prior
Windows Mail
Apple Mac OS X Thunderbird
Microsoft Office 2011 and prior
Mac Mail (10.13 High Sierra and older)
Android Android Mail
Apple iOS (iOS 10 and older)

What if my app isn't listed in the supported applications list?

It is possible that your application may work as we are unable to test every application. If you are having problems with an application that is not listed, please contact the Student Technology Center (for students) or your Local Support personnel (for employees) for assistance in determining whether the application is compatible.

How do I disable Legacy mode on my account?

Before Legacy mode can be disabled, you will need to ensure that all of your applications are compatible. Once you have confirmed that all applications are compatible, follow these steps to disable Legacy mode:
  1. Go to and login if prompted
  2. On the left side of the page, select "Legacy Email"
  3. Click "Disable Legacy Email"
Note that once Legacy Email has been disabled, it cannot be re-enabled.
You may also contact your Local Support team to assist you with this.

How can I enable Legacy mode on my account?

You can no longer enable Legacy mode on your individual account because of the increased risk that it creates. Exceptions can be made by the ITS Security office on a case by case basis if there is a business need and there is no alternative. To request an exception, contact your Local Support team.

100% helpful - 1 review


Article ID: 1078
Thu 9/6/18 3:04 PM
Tue 12/22/20 4:07 PM