Forum Discussion
Outlook Modern Auth not working
hm,
- do you run cloud only authentication or federated authentication?
- do you have AAD joined or hybrid joined clients?
- is OWA working / Browser / and or the other MS apps - Word/PowerPoint etc `?
Would be great if you can post at least parts of the
Computer\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
key...maybe just the keys, without any user identity values.
Just a few ideas what to look for:
- Setting DisableADALaTopWAMOverride becomes a problem for example with "older" Win 10 builds aka 1809 and with Outlook OfficeProPlus 1908 and newer ... if AAD hybrid joined .. have not tested with Win 10 1903..or the combination you posted...
- Any error messages in the Windows 10 - Event Viewer - Application and Services Logs / Microsoft / Windows / AAD?
- Have you tried with a new OL profile?
- Maybe any on-prem resource mapped?
- Anything broken with Autodiscover - Fiddler usually helps here
- Tried Microsoft Support and Recovery Assistant - https://support.office.com/en-us/article/Resolve-Outlook-for-Windows-issues-with-automated-troubleshooting-tools-38e2342d-3527-4190-8754-a82d8b970fe2 ?
- Any conditional access policy set for Exchange Online? For example, which blocks basic authN or modern authN clients... Outlook will show a nice Password Required message in this case.. while browers still might work...
- Have you tried to clear the Windows Credential Cache?
hth,
Claus
Anything broken with Autodiscover - Fiddler usually helps hereJust wanted to throw out there that Fiddler is probably not the best way to test AutoDiscover.
I would recommend to use either the builtin https://help.mgcld.com/hc/en-us/articles/360025587513-Use-Outlook-to-Test-AutoConfigure-aka-Autodiscoverhttps://testconnectivity.microsoft.com/https://testconnectivity.microsoft.com/tests/Ola/inputhttps://testconnectivity.microsoft.com/tests/O365ExchangeDns/input
The Remote-Analysis site cannot test your on-premise DNS, or check your Active Directory for an SCP record that might be getting in the way - neither would Fiddler.
However, the Outlook Autoconfiguration Test DOES test these on-premise problems as well.
Note: Opening the Autoconfiguration test requires Outlook to already be open, but if you are having trouble configuring the email account, you may not be able to get far enough to try running the tool.
Protip: you can open Outlook into an empty profile with no email by runningOutlook.exe /PIM NoMailhttps://support.microsoft.com/en-gb/office/use-outlook-without-an-email-account-477a1fc3-4423-4156-bef4-67489edfdbef
Also, I don't think the link I provided for the AutoConfigure Test mentions it, but I would recommend Disabling GuessSmart at first while you troubleshoot, and only re-enable it if the Outlook Login Prompts are acting different than your AutoDiscover tests
I don't know WHY but these TechCommunity forums insist on Mangling messages I post.
Here are the links again
Outlook Autodiscover Test - https://help.mgcld.com/hc/en-us/articles/360025587513-Use-Outlook-to-Test-AutoConfigure-aka-Autodiscover
Microsoft Remote Connectivity Analyzer - https://testconnectivity.microsoft.com/
- Outlook Connectivity Test - https://testconnectivity.microsoft.com/tests/Ola/input
- Exchange Online Custom Domain DNS Connectivity Test - https://testconnectivity.microsoft.com/tests/O365ExchangeDns/input
Outlook PIM Instructions - https://support.microsoft.com/en-gb/office/use-outlook-without-an-email-account-477a1fc3-4423-4156-bef4-67489edfdbef
and an image of disabling GuessSmart while testing
I've also had trouble with Outlook 365 (Microsoft® Outlook® for Microsoft 365 MSO (Version 2302 Build 16.0.16130.20186) 64-bit) and when I disable basic authentication, it cannot connect to Exchange Online.
However, before disabling basic auth, when I check to see if it's using basic auth, it shows 'Bearer*' as the Authn protocol.
Azure AD logs show everyone is using modern auth. We have no basic authentications logged in Azure and we have federated our domains with Okta.
We have thousands of non technical users and coaching them to edit their registry is not going to happen. Is this Microsoft's official 'fix'? Edit the user's registry?
