Forum Discussion
Multi-factor Authentication breaks outlook
We have been using office 2013 pro plus with the ADAL Reg keys in place. This setup has been in place for months. Then out of the blue after we forced a password change this issue occured.
MS says they are having issues with Outlook and ADAL ATM but there is nothing on the Portal in ref to this. I dont think OUtlook version is the issue here as this was all working fine for months until last Wednesday.
Well, the least they can do is push this info to the SHD, so make sure you give them some grief :)
Well i found in testing something is absolute being cache as to what that is i don't know. I also don't know if i want to spend anymore time on this than i have. I took 2 users turned on MFA, broke outlook and i then wiped the Windows Profile and that seemed to fix the issue for me. I don't think I should have to go to such extreme to have the end user recreate the windows and then the mail profile.
Have you checked Credentials manager in Control Panel? Are users given the option to save their password when prompted by Outlook to authenticate?
Thanks for the discussion here. I ran into this problem on our RDS server which runs alongside a domain controller in Azure. I checked the Autodiscover settings in the Domain Controllers DNS server and they reflected those in the public DNS.
I was able to connect outlook to Office365 on another computer and so knew the MFA was working. I tried connecting the account using an Admin login account which I knew had been used to access a different users Office365 account but never my account and definitely no account with MFA enabled.
I deleted the Outlook profile but still could not connect.
I deleted the entire user profile off the RDS server and logged in again. This time Outlook connected to Office365.
Knowing it would work I now backed up all data from my own user profile and deleted that. Logged back in and Outlook now connects ok.
So, the autodiscover and setup process is storing something in the users profile or User registry that do not get deleted just by deleting the Outlook profile.
It would be nice to be able to put my finger on it and just delete that part without having to delete the entire user profile.
Agreed, turns out that turning on MFA for these 41 users breaks outlook. MS confirmed the issue on MS side. THey are suppose to be updating our tenant but Im still waiting. I was told that this issue is affecting other tenants in o365.
