Outlook MFA issues, asks for "need password" and get blank screen

Brass Contributor

Hello everyone,

 

Premier support is failing to make an progress, I have had a ticket open for a month now with no luck (Getting escalated to Tier 3 this morning).  Here is the scenario

 

We have Conditional Access rule that says if someone accesses Office 365 (All Office) from a Non-trusted Location require MFA.  For most people it works fine  but we have about 10% of the people who run into a really weird problem in outlook only, all other apps (Skype, Word, etc.) work fine.

 

User opens outlook (2016 current monthly) and it shows the "need password" screen at the bottom and no email is sent/received, when we click on it we see a white box comes up and goes away, it does not give them the option.  So kind of stuck there!

 

When you go to File->Accounts and do a Sign-out and then try to sign-back in it comes up with the email window but as soon as you submit the email the window goes away and they stay signed out.  Here is where it gets interesting, lets say you put someones email in there that works (but is also part of the same MFA rules), it takes that and then brings up the MFA prompt for original user.  Once that user then presses approve (MS authentication app, push notifications) then it signs that user in and email starts flowing again.  It seems to work for a couple of weeks and then stops again with the same prompt.

 

We put in all the normal reg keys to enforce modern auth

(EnableAdal -1, Alwaysusemsoauthforautodiscovery = 1, disableADALaptopWAmOverrride - 1,Disable AADWAM)  but I think it may be something on the username side since putting in another username works.

4 Replies

Hi@Daniel Schmidt 

 

From what you explained here , it seems to work for some users. My recommendation would be to focus on the client end and anything to do with the client end related issues.
Compare (cross check) both working and non working machines.
Which operation system they use? Which build? X64 OR X86 Architecture?
Exact version of Outlook? Which build?
Are all users under the same domain? Same GPO applied to all?
Have you checked the credential manager?

 

We are happy here to support and help  you :)


Thank you
Dav,

 

 

 

 

 

@Deleted Thank you!  Yes all build via SCCM, same image, same department/OU so all same policies.  Tried to clear credential manager, even hapening brand new builds

Hi@Daniel Schmidt 

 

Have you tried "Microsoft Support and Recovery Assistant" on a non working machine on an external network?

 

Disable MFA for the non working user.

opened Outlook ---> Clicked File ----> Office Account --->sign out of all accounts.

Enable MFA for the user

 

Thank you

Dav,

 

 

Were you able to resolve your issue? I have same situation happening today for the first time.