Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Azure AD W10 and Outlook

Copper Contributor

Hi All,

We have Azure AD joined machines, coniditional access and with Windows hello enabled, all our applications work with AAD Proxy single signon.

 

Currently outlook (office365) is our biggest problems, when you launch outlook for the first time (and also if your password changes) it prompts for the Windows Hello pin, then errors becasue it needs the password, ou have to click other users then enter O365 username and password.

 

Does anyone use Azure AD machines + Windows Hello without and Outlook credentials issues?

 

Should Windows hello be able to authenticate users in Outlook and am I missing something?

or

Is there a way to get outlook to default username and password prompt with windows hello enabled on the OS?

 

Thanks,

17 Replies

Hi Tom,

 

Do you have Modern Authentication enabled in Exchange Online for your tenant? Also, are you running the Click 2 Run version of Office?

Hi Grant,

 

Yes to both, we use the click to run version of office, and Modern Authentication is enabled.

 

Name                                       OAuth2ClientProfileEnabled

----                                       --------------------------

*************.onmicrosoft.com                       True

 

Tom,

 

I was able to reproduce your issue in my environment. It looks like if you signed into Windows using your Hello PIN instead of your password, it traps you in the authentication pop-up cycle. I believe you can click the "more choices" link at the bottom of the prompt and use the standard email address and password, but I imagine most end-users won't know to do that. Microsoft needs to either update Outlook 2016 so that it can properly utilize Windows Hello, or make it smart enough to stop asking users for a PIN that won't work.

Same issue. 

 

Office Pro Plus + Exchange Online + Windows 10 Creators Update + Modern Authentication on EXO + Logon using Windows Hello for Business = Prompt for credentials in Outlook and only accepts user and password

We are running into this problem as well.  Did anyone figure it out?  Thx!

We are experiencing the same problem in one of our tenants. We have a similar setup as described in a couple of the posts here.

 

We are currently working with Microsoft support on the issue. Will keep you updated on the progress. 

Hi Kevin,

 

I ran into this problem today and as Grant mentioned in his reply (https://techcommunity.microsoft.com/t5/Azure-Active-Directory/Azure-AD-W10-and-Outlook/m-p/100860/hi...) I tried to log in via the link 'Sign in as a different user' (not sure if this is the exact phrase).

 

Then I removed the prefix 'azuread\' and proceeded to the password prompt. After providing my standard O365/AzureAD password, the prompt accepts the credentials and everything works as usual.

 

Hope this helps until Microsoft provides the fix, which Morten indicated.

 

Greetings, Sebastian

I saw this issue when accessing Exchange Online via a metered Outlook 2016 connection. Have the user logon with their usual account rather than the prompted Azuread\someuser@somedomain.com.

Running into the same issues, with Outlook 2016/Azure AD/Conditional Access via Intune/Modern OAuth enabled. Any luck here?

I'm also experiencing this issue; I'm being prompted for azuread\username@domain.com after opening outlook; any solutions?

 

 

I am experiencing the same issue, really having a hard time as the popup to logon comes back every few minutes and even removing azuread/ does not allow successful logon...

did anyone find a final solution



?
Looking for a solution as well. My client would like to use MFA so modern authentication is a step towards that as it means they don't have to mess around with application passwords (non-starter to be honest). I've been given permission to try modern authentication over the weekend and immediately hit this azuread prefix problem on my test VM and test accounts.

Signing in as a different user and removing azuread at the start does work but it's totally unreasonable to expect the users to do this.

Interestingly my own personal VM that I use for this client didn't have the same problem but it's running the monthly targeted version of Outlook (v1811) whereas my test VM (and clients) are running semi-annual channel (v1803).

I'm just switching channel on my test VM to v1811 to see if the problem goes away.

BTW - I documented the process on answers before I found this topic:

https://answers.microsoft.com/en-us/msoffice/forum/all/users-unable-to-open-outlook-2016-after-enabl...

Yes, it's a bug/problem in Office 2016 v1811 - the current semi-annual release. Upgrade the VM to v1803 (monthly targeted) and Outlook loads flawlessly.

Am about to restore the VM and try semi-annual targeted...
Rounding this off for tonight. The problem also does not occur in the semi-annual targeted channel (v1808) which was released in September. So that's when it was fixed. The semi-annual channel (v1803) was released in July and does have this fault.

The next semi-annual release (bringing it inline with v1808) is in January so not that long until this flaw is fixed in all our client systems.

So I'm snoozing the ticket to implement modern authentication for another three months.

Hi there 

 

I seem to have the same issue - Surface Pro joined to Azure AD, this week Outlook and Skype stopped working. I have followed the steps to change the tenancy release schedule and I also opted the software into targeted. But no joy.

 

I have even uninstalled Office 2016, removed mail profile and retried - both SfB and Outlook fail to setup the account. Windows Security still prompts for the password and won't go away.

 

I have tried the email address as the username and Azuread\myo365email as the username also.