CHI-LTD
asked on
Hybrid exchange MFA
Hi
I have enabled MFA for my account in o365 and can now not log into outlook 2016 - keep getting the credentials prompt...
We are hybrid exchange with ADconnect.
Thanks
I have enabled MFA for my account in o365 and can now not log into outlook 2016 - keep getting the credentials prompt...
We are hybrid exchange with ADconnect.
Thanks
can i know what’s the original error you see from the sign-in page? a screenshot is preferred please?
ASKER
Im using outlook 2016 client
getting the default PW page: https://www.kasson.com/bleeding_edge/the-bleeding-edge/outlook-continually-prompts-for-exchange-passwords/
getting the default PW page: https://www.kasson.com/bleeding_edge/the-bleeding-edge/outlook-continually-prompts-for-exchange-passwords/
have you enabled modern authentication with O365 tenant?
if not, enable it
Else you need to generate app password from myapps.microsoft.com portal and supply it to outlook
Else you need to turn off mfa
if not, enable it
Else you need to generate app password from myapps.microsoft.com portal and supply it to outlook
Else you need to turn off mfa
What does the password prompt look like? If you are getting the old Basic auth one, you need to make sure that Modern auth is enabled *both* on the server- and client-side.
https://support.office.com/en-gb/article/enable-or-disable-modern-authentication-in-exchange-online-58018196-f918-49cd-8238-56f57f38d662
https://docs.microsoft.com/en-us/office365/enterprise/modern-auth-for-office-2013-and-2016
https://support.office.com/en-gb/article/enable-or-disable-modern-authentication-in-exchange-online-58018196-f918-49cd-8238-56f57f38d662
https://docs.microsoft.com/en-us/office365/enterprise/modern-auth-for-office-2013-and-2016
ASKER
So i need a reg entry for outlook?
for outlook 2016 / O365 thick client, you don't need any reg entries, by default they support modern auth
enable it from server end (Exchange Online shell to be used)
enable it from server end (Exchange Online shell to be used)
They do support it by default, but it might be disabled by GPO, so make sure you double-check things. And you didnt answer my question on how the prompt looks like?
So i need a reg entry for outlook?
you don’t need any registry hacking. it is just an authentication issue caused by server side due to untrusted sign-in. depening on your Outlook version, removing profile or re-logging in via web will fix it.
ASKER
We disable OWA.
So enabling modern auth will essentially fix my thick outlook 2016 client?
So enabling modern auth will essentially fix my thick outlook 2016 client?
We disable OWA.
it is not necessary to disable OWA. I don’t think it is related the issue.
So enabling modern auth will essentially fix my thick outlook 2016 client?
yes.
ASKER
Got it. Seems to work well for outlook but awful for EAS devices. My EAS ipad now needs just the random character password that o365 has created... Why? This is mental!
The default Mail app on iOS supports Modern auth, provided you are using the latest version of iOS.
ASKER
we are using maas360 mail app which i assume is using modern auth. But why is it using the app password rather than the users synced AD password?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
MFA for EAS is pants.