Forum Discussion
Multi-factor Authentication breaks outlook
Has anyone actually figured this out? We use Outlook 365 (Office 365) turned MFA and it "breaks" Outlook 365. As mentioned above, it keeps asking for a password and it will not take it.
Yes, the issue was outlook was not connecting to O365 using Modern Auth. IF you check outlook connection and it says "Clear". Then outlook is NOT connecting using modern auth. IF it displays "BEARER" like below then it is using Modern Auth. The only fix that I found that works 100% of the time is wipe the User Windows Profile and recreating which means its something in the Windows profile. I used MS SARA and that was a process I just kept telling SARA the fix didnt work until it reached a point where it asked if I wanted it to recreate the Outlook Profile and that also worked but it take over 10 to 15min and sometimes didnt work.
There was something in the Windows profile that gets wiped and allowed outlook to connect over modern auth. I was only running outlook 2016 which has Modern auth built in so no reg keys needed.
I chose to do redo the Windows Profile it was faster to do this than sitting for 15min for MS SARA to possibly fix it. I only had 55 to 60 users out of 300 that had this issue when I turned on MFA.
Login to Office 365 and create an App password.
Use that password when Outlook asks for a password.
If outlook is no longer asking for a password, just remove the password in the credential manager.
That did fix it for our organization.
-Omon- wrote:Have you tried going into Windows Credential Manager under the user profile and removing the stored Outlook credentials and then starting Outlook again?
That did the trick for my OL 2010 user. After changing her to 2FA Outlook did not prompt for credentials but simply did not connect to the server (EXO) anymore.
Hi We have migrated to Office 365, with an Exchange 2013 hybrid server and Outlook 2013 clients. I would like to implement 2FA/MFA - but it breaks Outlook. We also don't currently have Azure Premium P1 licences, so can't implement Conditional access.
Reading the above messages, is that using Outlook 2013 we would have to use the APP password, but would not have to use the APP password if all the clients were using Outlook 2016?
Would the hybrid server running exchange 2013 be an issue?
Keep in mind APP Passwords by pass MFA. Outlook, esp 2016 has built in Modern Auth so it should be able to Auth users against ADFS if domains are federated or Azure. Using APP passwords in outlook for me is a no no, thats Just me. I rather find the root cause of why Outlook is prompting and fix that.
Only thing using APP Passsword in my environment are mobile device Ipads, Iphones Android phones/Tablets. Everything else is using ADFS.
This worked for me. Removed credentials related to Office 2016. Then restarted Outlook, put in an App Password and it came up.
Have you tried going into Windows Credential Manager under the user profile and removing the stored Outlook credentials and then starting Outlook again?
