SOLVED

Conditional Access MFA Outlook 2016 question

Copper Contributor

We just set up conditional access and when trying to authenticate users in Outlook 2016, it just continues to prompt for a password and will not work. I had to turn off conditional access for the affected users, then they could authenticate.

 

We have 2 policies for conditional access.

The first one blocks the log in to any apps or web apps to anyone in the company except if the users are in the excluded group and they must be located at one of our offices using a trusted IP. 

The second forces the users in the excluded group from the policy above to use MFA irregardless of where they are if they aren't at one of our offices. 

 

This configuration will not allow the users to use Outlook 2016 on their laptops when not at our office. It continuously prompts for a password, but nothing ever happens. I read that conditional access MFA does not use app passwords, so that is not an option. Outlook 2016 is supposed to be able use modern authentication. So where am I going wrong? I need to have these user's accounts protected when away from the office, but I also need them to be able to use their email in Outlook. Please help. 

3 Replies
best response confirmed by Chris Varner (Copper Contributor)
Solution

Make sure Modern auth is enabled on the client, as well as service-side. What you are describing looks like the good old basic auth prompt - it will not work once MFA is enabled for an account. And forget about app passwords, they should be avoided wherever possible.

@VasilMichev Thank you for your help. After reading your response, it prompted me to check Exchange online to see if it had modern authentication enabled. I had read this was enabled by default. However, when I checked ours, it was disabled. I enabled it and things started working after that. Thank You for your help!

@Chris Varner 

 

I had encountered the same issue on my machine, I deleted cached credentials under Credential Manager for Outlook and reset my MFA. I was running Windows 10 machine and Office 2016 on mine. It worked and hope it helps.

1 best response

Accepted Solutions
best response confirmed by Chris Varner (Copper Contributor)
Solution

Make sure Modern auth is enabled on the client, as well as service-side. What you are describing looks like the good old basic auth prompt - it will not work once MFA is enabled for an account. And forget about app passwords, they should be avoided wherever possible.

View solution in original post