Hi all, I have an environment with Exchange 2010 in a hybrid setup with Office 365.We have ADFS 3.0 running which is working fine when, for example, we logon to portal.office.com.We migrated a few test users to Office 365/ Exchange. That is all working fine.One thing I see and I wonder if that is normal behaviour with AD FS;When a migrated user opens Outlook 2016 (fully patched) for the first time on a domain joined Windows 10 PC on the internal network, he is asked for his password with a screen for basic authentication. Is expected a SSO experience, because modern authentication is turned on for Exchange and did this setting on the ADFS Server Enable-AdfsEndpoint -TargetAddressPath "/adfs/services/trust/13/windowstransport" It is probably hitting the old Exchange 2010 first when running the autodiscover process, which is causing the prompt. The autodiscover points at the internal Exchange server and not to O365, becuase are other mailboxes are on-prem.Is their a solution to prevent this behaviour of Office 2016?Thank you!

For real SSO experience in Outlook you need Modern authentication enabled. Otherwise you get the basic auth prompt, that's the expected behavior. If you want more info check the AD FS whitepapers: https://www.microsoft.com/en-us/download/details.aspx?id=36391

Oh, and Modern auth needs to be enabled both client-side and server-side.

PKlapwijk Although this is an old article. I just wanted to add my findings as i have experienced exactly this. What solved my problem was https://support.microsoft.com/en-gb/help/3126599/outlook-prompts-for-password-when-modern-authentication-is-enabled This fix was:HKEY_CURRENT_USER\Software\Microsoft\ExchangeOn the Edit menu, point to New, and then click DWORD Value.Type AlwaysUseMSOAuthForAutoDiscover, and then press Enter.Right-click AlwaysUseMSOAuthForAutoDiscover, and then click Modify.In the Value data box, type 1, and then click OK.

Did you try troubleshooting steps shown here? - https://support.microsoft.com/en-us/help/2535227/a-federated-user-is-prompted-unexpectedly-to-enter-their-work-or-school-account-credentials

Hi,Yes I did. Adfs itself works fine by using the browser, but only not when using Outlook 2016

Outlook prompts for password using ADFS 3.0

11 Replies

Mitch King
Iron Contributor
Dec 21, 2017
Hi peter, do you get SSO to your internal Autodiscover website? if not then that's the problem, add your internal Autodiscover website to local intranet sites.
Muditha
MCT
Feb 03, 2017
Did you try troubleshooting steps shown here? - https://support.microsoft.com/en-us/help/2535227/a-federated-user-is-prompted-unexpectedly-to-enter-their-work-or-school-account-credentials
- PKlapwijk
  MVP
  Feb 03, 2017
  Hi,
  
  Yes I did. Adfs itself works fine by using the browser, but only not when using Outlook 2016
  - Graham Lindsay
    Copper Contributor
    Jan 29, 2020
    PKlapwijk Although this is an old article. I just wanted to add my findings as i have experienced exactly this.
    
    What solved my problem was https://support.microsoft.com/en-gb/help/3126599/outlook-prompts-for-password-when-modern-authentication-is-enabled
    
    This fix was:
    HKEY_CURRENT_USER\Software\Microsoft\Exchange
    On the Edit menu, point to New, and then click DWORD Value.
    Type AlwaysUseMSOAuthForAutoDiscover, and then press Enter.
    Right-click AlwaysUseMSOAuthForAutoDiscover, and then click Modify.
    In the Value data box, type 1, and then click OK.

Forum Discussion

Outlook prompts for password using ADFS 3.0

11 Replies

Resources