Citrix published application requesting credentials to send email via mapi

%3CLINGO-SUB%20id%3D%22lingo-sub-1216807%22%20slang%3D%22en-US%22%3ECitrix%20published%20application%20requesting%20credentials%20to%20send%20email%20via%20mapi%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1216807%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EI%20have%20a%20published%20application%20%22ABC%22%20in%20Citrix%20Xenapp%206.5.%20The%20%26nbsp%3Blocation%20specified%20in%20the%20application%20properties%20is%20another%20server.%20This%20application%20has%20recently%20had%20a%20functionality%20added%20where%20it%20can%20send%20email%20out%20to%20customers.%20But%20the%20users%20are%20being%20prompted%20for%20credentials%20by%20outlook%20as%20shown%20below%3A-%3C%2FSPAN%3E%3C%2FP%3E%3CDIV%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3C%2FDIV%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Outlook_Security_Prompt.JPG%22%20style%3D%22width%3A%20624px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F175883iA07132D5850DB274%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22Outlook_Security_Prompt.JPG%22%20alt%3D%22Outlook_Security_Prompt.JPG%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3EWe%20have%20Office%20365%20in%20Hybrid%20mode%20and%20Outlook%202013%20on%20the%20citrix%20server.%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EIf%20my%20understanding%20is%20correct%20then%20this%20app%20is%20launching%20the%20Outlook%202013%20from%20the%20Citrix%20server%20to%20send%20this%20email.%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EAs%20the%20user%20is%20already%20logged%20on%20to%20citrix%20and%20has%20app%20%22ABC%22%20open%20from%20this%20server%20then%20shouldn't%20pass%20through%20authentication%20work%20and%20user%20should%20not%20be%20prompted%20for%20the%20username%20and%20password%3F%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3EOR%3C%2FSPAN%3E%3CBR%20%2F%3E%3CSPAN%3E%26nbsp%3Bis%20it%20because%20of%20the%20issue%20mentioned%20in%20the%20article%20below%3A-%3C%2FSPAN%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fsupport.microsoft.com%2Fen-au%2Fhelp%2F3126599%2Foutlook-prompts-for-password-when-modern-authentication-is-enabled%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.microsoft.com%2Fen-au%2Fhelp%2F3126599%2Foutlook-prompts-for-password-when-modern-authentication-is-enabled%3C%2FA%3E%3CBR%20%2F%3E%3CSPAN%3EOR%20something%20related%20to%20OAuth%3F%3C%2FSPAN%3E%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%3EHow%20can%20I%20determine%20the%20root%20cause%3F%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1216807%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Ecitrix%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOutlook%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Occasional Contributor

I have a published application "ABC" in Citrix Xenapp 6.5. The  location specified in the application properties is another server. This application has recently had a functionality added where it can send email out to customers. But the users are being prompted for credentials by outlook as shown below:-

 

Outlook_Security_Prompt.JPG

We have Office 365 in Hybrid mode and Outlook 2013 on the citrix server.
If my understanding is correct then this app is launching the Outlook 2013 from the Citrix server to send this email.
As the user is already logged on to citrix and has app "ABC" open from this server then shouldn't pass through authentication work and user should not be prompted for the username and password?
OR
 is it because of the issue mentioned in the article below:-
https://support.microsoft.com/en-au/help/3126599/outlook-prompts-for-password-when-modern-authentica...
OR something related to OAuth?

How can I determine the root cause?

1 Reply
yes, the nature of the logon box shows that it is using basic authentication instead of modern auth. For Outlook 2013 you must deploy these two registry keys:
HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\EnableADAL REG_DWORD 1
HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\Version REG_DWORD 1
https://docs.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/enable-modern-authentic...
And you also must make sure modern authentication is enabled for Exchange Online as described here:
https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/enable-or-disable-mo...