Jun 27 2019 07:07 AM
We just set up conditional access and when trying to authenticate users in Outlook 2016, it just continues to prompt for a password and will not work. I had to turn off conditional access for the affected users, then they could authenticate.
We have 2 policies for conditional access.
The first one blocks the log in to any apps or web apps to anyone in the company except if the users are in the excluded group and they must be located at one of our offices using a trusted IP.
The second forces the users in the excluded group from the policy above to use MFA irregardless of where they are if they aren't at one of our offices.
This configuration will not allow the users to use Outlook 2016 on their laptops when not at our office. It continuously prompts for a password, but nothing ever happens. I read that conditional access MFA does not use app passwords, so that is not an option. Outlook 2016 is supposed to be able use modern authentication. So where am I going wrong? I need to have these user's accounts protected when away from the office, but I also need them to be able to use their email in Outlook. Please help.
Jun 27 2019 10:02 AM
SolutionMake sure Modern auth is enabled on the client, as well as service-side. What you are describing looks like the good old basic auth prompt - it will not work once MFA is enabled for an account. And forget about app passwords, they should be avoided wherever possible.
Jun 27 2019 11:49 AM
@VasilMichev Thank you for your help. After reading your response, it prompted me to check Exchange online to see if it had modern authentication enabled. I had read this was enabled by default. However, when I checked ours, it was disabled. I enabled it and things started working after that. Thank You for your help!
Jun 28 2019 12:09 PM
I had encountered the same issue on my machine, I deleted cached credentials under Credential Manager for Outlook and reset my MFA. I was running Windows 10 machine and Office 2016 on mine. It worked and hope it helps.
Jun 27 2019 10:02 AM
SolutionMake sure Modern auth is enabled on the client, as well as service-side. What you are describing looks like the good old basic auth prompt - it will not work once MFA is enabled for an account. And forget about app passwords, they should be avoided wherever possible.