Forum Discussion

Christian Taveras's avatar
Christian Taveras
Iron Contributor
Oct 16, 2017

Multi-factor Authentication breaks outlook

Just wondering if anyone has run into this issue.     I have been Turning on MFA for users a group at a time all was going smooth.  The next morning after turning on MFA for the last hand full of u...
admin
exchange
office 365
security
nickOsmosis's avatar
nickOsmosis
Copper Contributor
Dec 12, 2018

When setting up MFA you have to possibility to retrieve or create an app password. You should use that one during login in Outlook.

  • Christian Taveras's avatar
    Christian Taveras
    Iron Contributor
    Jan 02, 2019

    I never use app password, with Outlook 2016 all auth goes to ADFS.

    Ap passwords i usually use on mobile devices etc.

  • Jay_Scott's avatar
    Jay_Scott
    Copper Contributor
    Jan 02, 2019

    Unfortunately, the app password does not work in this case. If you get the old Auth screen you will not be granted access in Outlook no matter what password you use. 

    • Jay_Scott's avatar
      Jay_Scott
      Copper Contributor
      Jan 03, 2019

      I WAS able to successfully get this to work finally, without wiping windows OS. Here is what I did.

       

      First: I added the registry key per the below instructions (it wasn't there originally)(also, when I "ran as admin" the "Exchange" folder wasn't present, but when I opened normally {on an AD client} the "Exchange folder WAS there.)

       

      Second: I removed Multi-Factor Auth for my user.

       

      Third: I opened Outlook ---> Clicked File ----> Office Account ---> I signed out of all accounts (one user had 3, one user had only 1)

       

      Fourth: Turned back on multi factor

       

      Fifth: Opened Outlook and when I did - In one case I had to enter the App Password in the New Style App box. In the other case, Outlook just opened and worked. In both cases multi-factor is on and continues to work. Copied and pasted the key below. Hope that helps someone.

       

      1. Exit Outlook.
      2. Start Registry Editor. To do this, use one of the following procedures, as appropriate for your version of Windows:
        • Windows 10, Windows 8.1 and Windows 8: Press Windows Key + R to open a Rundialog box. Type regedit.exe, and then press Enter.
        • Windows 7: Click Start, type regedit.exe in the search box, and then press Enter.
      3. In Registry Editor, locate and then click the following registry subkey: 

        HKEY_CURRENT_USER\Software\Microsoft\Exchange
      4. On the Edit menu, point to New, and then click DWORD Value.
      5. Type AlwaysUseMSOAuthForAutoDiscover, and then press Enter.
      6. Right-click AlwaysUseMSOAuthForAutoDiscover, and then click Modify.
      7. In the Value data box, type 1, and then click OK.
      8. Exit Registry Editor.
      • lucisconsulting's avatar
        lucisconsulting
        Copper Contributor
        May 27, 2019

        Hi Jay, 

         

        I presume you restarted your client after editing registry? I've done your method but it's not working.

         

        I'm just going to create a new user, delete current one and rename.  

         

        Jay_Scott 

Resources