Forum Discussion
Solved
outlook 2010 and 2013 continually asks for password in hybrid environment
Hello, I have implemented a full hybrid solution with an exchange 2016 cu17 server. I created the migexchange.it domain on o365 and synchronized the AD users via AAD connect. The autodiscover reco...
pazzoide76 So it all came down to MFA via Security Defaults? That's not the first time I've heard it as I now recall another conversation with a similar issue, not identical, where I actually suggested that. It didn't struck me as a solution this time and I can only blame my six weeks vacation..
harveer singh Good job!
pazzoide76 Please mark the above reply with the solution as "Best response" for future reference.
You are great.
The solution was Turn off Security defaults.
Now both the 2010 and 2013 outlooks go.
But is this feature enabled by default?
Thank you
pazzoide76 So it all came down to MFA via Security Defaults? That's not the first time I've heard it as I now recall another conversation with a similar issue, not identical, where I actually suggested that. It didn't struck me as a solution this time and I can only blame my six weeks vacation..
harveer singh Good job!
pazzoide76 Please mark the above reply with the solution as "Best response" for future reference.
you're right but how can I change it?
pazzoide76 Please mark harveer singh reply as best response (not mine). Cheers!
Thanks for the clarification
Hey pazzoide76 Glad it worked out for you!
It all basically started last year when various security reports started pointing out weaknesses in office 365 security platform as it did not provide MFA enabled by default for admins/ critical accounts. Like this one: https://us-cert.cisa.gov/ncas/analysis-reports/AR19-133A
Office 365 did already provide base lines policies via conditional access to enforce MFA on admin accounts but the catch was it had to be enabled manually and most of the admins didn't. So Microsoft's answer to that was Security defaults launched this year:
My purpose of sharing the info with you; if you noticed the security report (first article), have pointed out that allowing legacy authentication protocols to connect to office 365 environment is also a possible threat. So your next task should be to look at conditional access policies to control from where you are allowing legacy applications to connect to office 365.
Thanks
I simply have Turn off Security defaults.
The absurd thing is that I opened a call to 0365 support for a week and they kept telling me that it was the fault of registry keys or the autodiscover even though I told them that those outlooks worked with other tenants and that therefore it was not a problem of outlook.
An hour after your reply support 0365 also told me about Turn off Security defaults but it took a week of useless testing.Thanks again
