Oct 16 2017 12:36 PM
Just wondering if anyone has run into this issue.
I have been turning on MFA for users a group at a time, and all was going smoothly. The next morning, after turning on MFA for the last handful of users, I had to force a password change company-wide due to an internal issue. After doing this, it caused Outlook to start prompting only for the last handful of users. No matter which password was entered, it continued to prompt. I tried the domain credentials, and I even popped in the app password, as I read an article that mentioned this, but this did not work for me. Just wondering if anyone has run into something similar or can shed any light on what may have caused this issue while I wait for 2nd level support to call me.
Apr 12 2021 06:33 AM
Here is what works for me:
I have had success going in that order. Any other way, and/or any attempts at bulk enforcement, were all met with problems.
Nov 04 2021 09:20 AM
@Steve_Osuch This was the solution! After this step, I still had to go through the Admin Web Portal > Users > Active Users, click a user, then go to "manage multifactor authentication". I had to enable the users through that page as well. After your step and the one I mentioned, I am good to go! My tenant is pre-2017 as well, so your solution was correct in that we didn't have MFA enabled by default.
Solution... force all users to Modern Authentication. In retrospect this makes sense as I've noticed new users always got the modern auth prompt even before trying to implement MFA while the old timers like myself had basic auth prompts still pop up occasionally.
Note: this assumes you are on 2016/Outlook for Office 365; 2013 users still additionally have to enable ADAL with registry changes first, then you follow the instructions below to enable modern auth with Exchange Online -> https://support.office.com/en-us/article/enable-modern-authentication-for-office-2013-on-windows-dev...
Solution in detail:
Run PowerShell. Here is another gotcha: in a fun Microsoft twist of irony, if you have MFA enabled for this user you will have to download the Microsoft Exchange Online Remote PowerShell Module to get modern auth in the PowerShell environment. If your username can log in with basic auth, search->powershell->run as admin.
Connect to Exchange Online in PowerShell
Connect-EXOPSSession -UserPrincipalName chris@contoso.com
(for US based Office 365 - for others, you will need to find the URIs)
Enable Modern Authentication in Exchange Online
Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
Check Status of Modern Authentication
Get-OrganizationConfig | Format-Table Name,OAuth* -Auto
PS C:\Users\StevenOsuch> Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
PS C:\Users\StevenOsuch> Get-OrganizationConfig | Format-Table Name,OAuth* -Auto

Name                 OAuth2ClientProfileEnabled
----                 --------------------------
domain.somewhere.com True
Now open up Outlook, it worked instantly, I didn't even have to provide credentials as it pulled it from my laptop which already had the SSO profile that had been authenticated at login.
Retrospectively, looking at the Set-Up MFA for O365 article (https://docs.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/set-up-multi-factor-aut...), it mentions this as well but this was just updated a couple of days ago so maybe it wasn't there before.
Final note, if you still use Skype for Business, you have to enable Modern Auth separately using the Skype specific connection and command prompts.
Jan 12 2022 05:30 PM
I'm adding my discovery for anyone currently having the same issue; Microsoft 365, MFA, Business account. Having read through tons of the same issue and trying to solve myself, I was able to connect some dots. The issue is that Modern Authentication is not enabled for the domain. When you log into M365 as admin, go to Settings tile, Org Settings, scroll to Modern Authentication and turn it on. This corrected the password loop in Outlook, as well as downloading Offline Address Book, and other Outlook oddities after turning on MFA. Hopefully this helps others.
Jan 13 2022 09:49 AM
Our Org is set to modern authentication. When coming across users with password loops, I have to temporarily turn off their MFA and reset all MFA Factors, then change password, log them in to Outlook/OneDrive Sync/Word/Teams. THEN, once logged in, I work with the user to enter MFA Factors and THEN I re-enforce MFA on the user. It has been the only way to fix this for us.
Mar 01 2022 04:26 AM
@Afisher25Yor save my day. Thx. Fix 2 works for me.