Solution
The Linux Evolution Mail client supports Office 365 with Duo multi-factor authentication (MFA) with the evolution-ews plugin (v3.27.91 and above).
Minimal testing have been done with this.
Details
Install the Evolution package. Open a terminal window and execute the following commands as root:
apt-get update
apt-get install evolution evolution-ews
Launch Evolution
If this is the first time, you will be presented with the Add Account wizard.
If Evolution Mail is already configured, click File -> New -> Email Account to open the wizard
Click Next on the Welcom screen.
When prompted "to restore from backup", make sure "Restore from a backup" is unchecked.
Click Next.
Enter your name and email address in the Required Information fields.
Uncheck "Look up mail server details based on the entered email address"
Click Next.
From the Server Type drop-down box, select Exchange Web Services.
In the Username box, enter your NDUS credentials (FirstName.LastName@NDUS.edu)
In the Host URL box, enter https://outlook.office365.com/EWS/Exchange.asmx
From the Authentication drop-down box, select OAuth2 (Office365)
If OAuth2 (Office365) is not listed, click "Check for Support Types" then select OAuth2 (Office365)
Check the check box for Override Office365 OAuth2 settings
In the Tenant box, enter ec37a091-b9a6-47e5-98d0-903d4a419203
In the Application ID box, enter b3c77d81-4b17-43b9-a183-9d41f8db73be
Click Finish
Click Apply to save your settings.
If you do not get a pop-up window with the NDUS login prompt, the Evolution process might be frozen.
Open a terminal window and enter
sudo pkill evolution
Relaunch Evolution
If you receive an error stating thatt another Evoltuion process is already running, reboot your computer, and launch Evolution.
Enter your NDUS username and password.
Select the MFA option that you want to use. If the popup is blank, right click in the popup and select reload.
NOTE: You do not need to check "Remember me for 60 days," Evolution will remember your login and you will not be prompted to re-authenticate until the OAuth token expires. If you change your password, you will be required to re-authenticate.