Set up Thunderbird with GT's two-factor authentication

What is Thunderbird? 

Thunderbird is a freely-available email client, created and maintained by the nonprofit Mozilla Foundation. Thunderbird is available in over 60 languages, with cross-platform availability for Linux, Mac, and Windows. It provides superior ease of use, with excellent long-term stability and support for industry standards such as IMAP and OAUTH2.  

GT has recently implemented a proprietary version of OAUTH2 that requires the latest Thunderbird client, version 78 or higher. Please take extra care to download Thunderbird ONLY from either the Ubuntu 20.04LTS secure repository, or, for other distros and operating systems, from the official Thunderbird site at: https://www.thunderbird.net/ 

Once you've downloaded and installed Thunderbird 78.x, please refer to the following instructions in order to set up your GT email.

How to set up Thunderbird for GT's O365 services

1. If this is your first time running Thunderbird, you'll see a pop-up asking you to set up your existing email address. If you don't see that pop-up, go to the Edit menu, and choose Account Settings --> Account Actions --> Add Mail Account...
2. Write your name and email address here, and then click "Configure Manually" at the bottom of this window. This should be your primary email address, which may be a personal alias or departmental address. 
    

    

3. You'll get a pop-up asking if you wish to proceed with manual configuration. Click "OK."

    

4. On the next screen, ignore all options for now (we will correct them on the next screen), and simply click "Advanced Config..." at the bottom:
   

    

5. You will now see a window entitled Account Settings - Mozilla Thunderbird. This is the main Thunderbird setup screen. Here, you should supply the following settings:
    
   • Server Name: outlook.office365.com
   • Port: 993
   • User Name: gtaccount@gatech.edu -- Note that this is NOT the same as your email address -- please use your GTaccount@gatech.edu
     explanation: This is your login to Microsoft's central servers, which identifies you as "your useraccount (i.e. gburdell3) at Georgia Tech." This is a consequence of outsourcing email to a corporation that handles hundreds of different institutions: the top-level domain acts like an area code, telling MS which institution to match the user to, and therefore, which institution to ask to handle that user's authentication. Email addresses and aliases may look similar to user@domain login names, but they do different work behind the scenes.
   • Connection Security: SSL/TLS
   • Authentication Method: OAuth2
     
      
6.  Next, click the Outgoing Server (SMTP) settings on the left sidebar. It will have carried over the incorrect settings from step 4. We'll correct MOST of them now: 
   • Highlight the server definition and click the "Edit" button
   • Use the following settings:
     Description: (a human-readable description of your choice)
     Server Name: smtp.office365.com
     Port: 587
     Connection Security: STARTTLS
     Authentication Method: OAuth2 (if unavailable, use Normal Password, hit OK, then repeat the Edit step; OAuth2 will be available on the second edit.)
     User Name: username@gatech.edu
   • Important: The correct Authentication Method is "OAuth2" and not "Normal Password." There may be a temporary bug in some versions of Thunderbird, making the correct option unavailable on the first try.

     
      

7.  When you hit OK, you will see GT's typical authentication page pop up. This is the result of setting up "OAuth2" -- a protocol for making Thunderbird compatible with GT's two-factor authentication system. We have now connected Thunderbird with Georgia Tech's CAS authentication and Duo! 

   

    

8. Log in as normal, and proceed through your normal Duo process (push, passcode, call, etc)
    
9. Congragulations! Your setup is complete! Thunderbird will now send and receive your GT email.