Steps for logging into Office 365 with local ADFS+Duo MFA:

First, go to outlook.office365.com and put our institution e-mail address in:

Once you type in the institution e-mail address and click “Next”, we are taken to our locally hosted ADFS login page:

After typing in our password and clicking on the “Sign in” button, we get the Duo Security MFA prompt:

Here, we do “Send Me a Push” and this interacts with the Duo Security app on our phone. We click “Ok” on that and we get taken into our e-mail.

Take-a-ways:

1. Office365 does not use Microsoft Cloud authentication. Authentication is pushed down to our locally hosted ADFS server.

2. MFA is provided by a Duo Security (https://duo.com/) at the ADFS layer.

3. Duo Security does not provide for “Application Passwords” or “Tokens”.

4. I’ve seen that this can work with applications like Hiri e-mail.

5. This would be similar to the situation in Gnome Online Accounts where you have enabled MFA on Google, Microsoft, or Facebook type accounts. In Gnome Online Accounts, the sign-in dialog launches a “browser window” to complete the login process, including MFA prompts. Then auth is “cached” for the application in question.