So I believe the "Enable policy to block legacy authentication" is what's giving me this trouble. This is the description secure score gives -- "Blocking legacy authentication makes it harder for attackers to gain access. Office 2013 client apps support legacy authentication by default. Legacy means that they support either Microsoft Online Sign-in Assistant or basic authentication. In order for these clients to use modern authentication features, the Windows client has have registry keys set. " These were the steps secure score said to take--- In the Azure AD conditional access portal, 1. Click +New policy 2. Conditions > Client Apps > Configure (Yes) > Explicitly select Mobile apps and desktop clients and Other clients 3. Under Access controls > select Block. Leave all other conditions blank 4. Make sure the policy is enabled 5. Create. For more info, see How to: Block legacy authentication to Azure AD with conditional access.
I've tried disabling the policy but with no luck. Below is a picture of the credential pop-up Microsoft asks for in order to sign into Outlook via desktop app. It will not accept any password and continues to ask. Maybe it is not the legacy policy?