Forum Discussion

Christian Taveras's avatar
Christian Taveras
Iron Contributor
Oct 16, 2017

Multi-factor Authentication breaks outlook

Just wondering if anyone has run into this issue.     I have been Turning on MFA for users a group at a time all was going smooth.  The next morning after turning on MFA for the last hand full of u...
admin
exchange
office 365
security
nickOsmosis's avatar
nickOsmosis
Copper Contributor
Dec 12, 2018

When setting up MFA you have to possibility to retrieve or create an app password. You should use that one during login in Outlook.

Jay_Scott's avatar
Jay_Scott
Copper Contributor
Jan 02, 2019

Unfortunately, the app password does not work in this case. If you get the old Auth screen you will not be granted access in Outlook no matter what password you use. 

  • Jay_Scott's avatar
    Jay_Scott
    Copper Contributor
    Jan 03, 2019

    I WAS able to successfully get this to work finally, without wiping windows OS. Here is what I did.

     

    First: I added the registry key per the below instructions (it wasn't there originally)(also, when I "ran as admin" the "Exchange" folder wasn't present, but when I opened normally {on an AD client} the "Exchange folder WAS there.)

     

    Second: I removed Multi-Factor Auth for my user.

     

    Third: I opened Outlook ---> Clicked File ----> Office Account ---> I signed out of all accounts (one user had 3, one user had only 1)

     

    Fourth: Turned back on multi factor

     

    Fifth: Opened Outlook and when I did - In one case I had to enter the App Password in the New Style App box. In the other case, Outlook just opened and worked. In both cases multi-factor is on and continues to work. Copied and pasted the key below. Hope that helps someone.

     

    1. Exit Outlook.
    2. Start Registry Editor. To do this, use one of the following procedures, as appropriate for your version of Windows:
      • Windows 10, Windows 8.1 and Windows 8: Press Windows Key + R to open a Rundialog box. Type regedit.exe, and then press Enter.
      • Windows 7: Click Start, type regedit.exe in the search box, and then press Enter.
    3. In Registry Editor, locate and then click the following registry subkey: 

      HKEY_CURRENT_USER\Software\Microsoft\Exchange
    4. On the Edit menu, point to New, and then click DWORD Value.
    5. Type AlwaysUseMSOAuthForAutoDiscover, and then press Enter.
    6. Right-click AlwaysUseMSOAuthForAutoDiscover, and then click Modify.
    7. In the Value data box, type 1, and then click OK.
    8. Exit Registry Editor.
    • lucisconsulting's avatar
      lucisconsulting
      Copper Contributor
      May 27, 2019

      Hi Jay, 

       

      I presume you restarted your client after editing registry? I've done your method but it's not working.

       

      I'm just going to create a new user, delete current one and rename.  

       

      Jay_Scott 

    • Seamusm's avatar
      Seamusm
      Copper Contributor
      May 24, 2019
      This is the one that helped me the most with my issue. Thanks Jay_Scott
    • C_the_S's avatar
      C_the_S
      Bronze Contributor
      Feb 05, 2019

      Incredible!

      Microsoft wants tenants to use MFA and this is the garbage we have to go through to set it up so it works for our users!!!

      Here we are evaluating MFA for our organization and this is totally ridiculous from Microsoft! Right now we are using App passwords for our trial group of 8. I can't imagine going through all these steps for ALL our users just so MFA works properly.

      Come on Microsoft get with it!

      /rant off

Resources