locked
Outlook 2016 prompting for basic authentication rather than 2FA on one machine. RRS feed

  • Question

  • On Friday everything was working fine and as far as I know nothing changed over the weekend.

    This morning on my account, which is Azure AD Connect synched up to Office365 with 2FA enabled, on my "new" laptop running Office 365 ProPlus 2016 Version 1803 click to run on the semi annual channel, outlook refuses to connect to office365. Status shows disconnected. Closing and reopening outlook gives the message "A problem occurred during sign-in for emailaddress. To solve this problem, go to http://technet.microsoft.com/en-us/library/dn270518.aspx#howapppassword in your web browser. Do you want to open this page?

    Naturally going to that page tells you how to set everything up which I've already done and has been working for several weeks and outlook is still working on my "old" laptop running the same version of outlook on the machine.

    Skype and Teams both use single sign on and only prompt me for the 2FA notification prompt as expected.  Outlook asks for the username and password in the basic authentication box. Entering my Windows username and password (which shouldn't be needed) then gives me the above error message.

    Disabling 2FA for my account fixes the issue in outlook, but doesn't let me reconnect when I turn it back on. However, on my old laptop everything works as expected and I can log in and out of outlook with no problems.

    I have tried upgrading office to the latest monthly version on the new laptop and still get the same error show up.

    Get-organizationconfig | fl *profile* confirms that OAuth2ClientProfileEnabled is true.

    MFA status shows as enforced for my user account (as expected).

    A problem occurred during sign in

    Creating a new Outlook profile didn't help.

    Troubleshooting tips talk you through adding 2fa but end with "contacting your administrator for help" which isn't much use when you are the administrator.

    Running Office 365 diagnostics states that applications such as Outlook require an app password... Is this correct? I thought this was no longer the case in recent versions of outlook.



    http://absoblogginlutely.net


    • Edited by helsby Monday, October 15, 2018 4:57 PM Edit of image
    Monday, October 15, 2018 4:54 PM

Answers

  • The solution was to delete my user profile. Unfortunately I was not able to get ME Support to troubleshoot the problem. BLosing away the profile is the way iron until it happens again or to a C-level user.

    http://absoblogginlutely.net

    • Marked as answer by helsby Wednesday, October 24, 2018 10:09 AM
    Wednesday, October 24, 2018 10:09 AM

All replies

  • Hi helsby,

    Thanks for visiting Outlook forum. Then sorry but my knowledge about 2FA is limited so I am afraid little I can help regarding this issue. As you mentioned that it works properly on your "old" laptop, could you please have a check to see if the two laptops are running the same build of Outlook 2016? 

    Besides, have you tried clearing the credential manager cache related to ADAL in Windows Credential Manager and check the result? 

    In addition, please refer to the possible solution shared by dhtampa in the following thread which discusses a similar issue and see if it applies to your situation:

    Is multi-factor auth broken in Outlook 2016 on Win 10?

    What's more, I noticed that there is a dedicated MSDN forum for Azure Multi-Factor Authentication. You may consider posting a new thread there if you need further assistance on this issue.

    Hope the above information can be useful.

    Regards,

    Yuki Sun


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Tuesday, October 16, 2018 6:59 AM
  • Thanks Yuki,

    The two machines were running the exact same build of office which is why this is odd. Especially as it was working fine on Friday too.  I also cleared out every password in the credential manager and this also didn't make any difference either.

    The thread by dhtampa describes my issue too (although I can create a profile in outlook with no problem) but his resolution of setting up the account to use 2fa in azure has already been done (which is why it works on my old machine).

    I'll post a new thread in that other forum to see what response they can give me. I have a feeling that an app password will work but this shouldn't be needed as Outlook 2016 should support 2fa (and based on dhtampa's experience (and the rest of my company) it does (most of the time). Unfortunately in order to roll this out to clients it needs to run every time!


    http://absoblogginlutely.net

    Tuesday, October 16, 2018 10:41 AM
  • Follow up post created in the Azure MFA forum at https://social.msdn.microsoft.com/Forums/en-US/0f22daef-86ac-4a71-aed3-5c8bddf64e61/outlook-2016-prompting-for-basic-authentication-rather-than-2fa-on-one-machine?forum=windowsazureactiveauthentication

    Interestingly it works on the new machine if I create a new local user and then sign in with my account, so it's obviously some corrupt profile setting somewhere.


    http://absoblogginlutely.net

    Tuesday, October 16, 2018 12:46 PM
  • Follow up post created in the Azure MFA forum at https://social.msdn.microsoft.com/Forums/en-US/0f22daef-86ac-4a71-aed3-5c8bddf64e61/outlook-2016-prompting-for-basic-authentication-rather-than-2fa-on-one-machine?forum=windowsazureactiveauthentication

    Interestingly it works on the new machine if I create a new local user and then sign in with my account, so it's obviously some corrupt profile setting somewhere.


    http://absoblogginlutely.net

    Hi helsby,

    Thanks for sharing the link here! Hopefully forum members there who are experienced in this kind of issue can help you solve the issue! 

    Regards,

    Yuki Sun


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Thursday, October 18, 2018 9:55 AM
  • The solution was to delete my user profile. Unfortunately I was not able to get ME Support to troubleshoot the problem. BLosing away the profile is the way iron until it happens again or to a C-level user.

    http://absoblogginlutely.net

    • Marked as answer by helsby Wednesday, October 24, 2018 10:09 AM
    Wednesday, October 24, 2018 10:09 AM