Issues with Microsoft Authentication app and Outlook App on Android

  • Question

  • We have got an Office 365 setup which is using ADFS for authentication. We are then using Duo for our 2FA, which does not use the Microsoft authentication app in any way. I can then set up my normal email account (non-admin) using the Outlook app on my phone and authentication via ADFS & the Duo 2FA works fine. 

    We have then got a separate admin account that is only in the cloud (not part of our AD so not running through ADFS) as a last resort should we have issues accessing the system as an admin configured in AD and using ADFS. 

    Since Duo does not seem to support 2FA of cloud accounts we thought the simplest solution would be to use the Microsoft 2FA app on our Android phones. We have configured this and all is well in the Microsoft world of authenticating the Admin account with 2FA. 

    But what we have found now is any device that has got both Outlook configured with a normal user and the Microsoft Authentication app configured for the cloud account, the Outlook app stops signing in the normal user. It keeps asking to sign in and never completes the sign in process. Removing the account and starting again does not resolve the issue: you put in the email address, get the blue circle and then the app goes back to the get started page and displays "An Error Occurred". If you remove the Authentication app from the phone, Outlook starts to work again.

    Has anyone else come across this issue and have they worked out what may be causing the issue? We want to keep the amount of Cloud admin accounts to a minimum and because there may be up to 4 admins logging into this account from various locations, depending who is on call, using a telephone number as the 2nd factor may not be the best option as we all have our own phones and may not be in the office to pick up the call if we set it up with this. Plus disabling Duo on ADFS so that we are only authenticating the normal account with AD credentials does not make any difference either when the Microsoft Authentication app is configured for the admin account.

    Any assistance on this would be greatly appreciated.

    Thanks

    Tuesday, April 23, 2019 3:01 PM

All replies

  • "We have got an Office 365 setup which is using ADFS for authentication. We are then using Duo for our 2FA, which does not use the Microsoft authentication app in any way. I can then set up my normal email account (non-admin) using the Outlook app on my phone and authentication via ADFS & the Duo 2FA works fine. 

    But what we have found now is any device that has got both Outlook configured with a normal user and the Microsoft Authentication app configured for the cloud account, the Outlook app stops signing in the normal user. It keeps asking to sign in and never completes the sign in process. Removing the account and starting again does not resolve the issue"


    Hi,

    I currently have the exact same problem. Once you disable MFA via Android phone the sign in process stops spamming. It was working perfectly a few months ago but I cannot find any solution online anywhere. 

    Any help from anyone?

    TIA
    Tuesday, July 23, 2019 6:34 AM
  • We are seeing a different but very similar issue.  Our users are being presented with repeated authentication prompts from Office 365 and OneDrive for Business.

    We have attempted to remove and re-add the accounts to Outlook, restart the devices, and have even tried to reinstall Outlook. None of this has resolved the issues our users are seeing. At the moment this seems to be limited to Android devices and is affecting about 20% of our users.

    After several attempts to contact someone at Microsoft we keep getting bounced around from team to team.  We've discussed this with the partner we purchased through, CDW, we've opened tickets with the Exchange Online team and have talked with the Outlook for Android team as well.  Here are the most recent comments from the Android team.

    Hello! Do you use the Microsoft Authenticator app to authenticate your accounts? The reason why you are facing this issue is because the token that the Outlook Mobile app received is expired and the app asks you to re-authenticate your account to receive a new token.

    I'm afraid we can't do much from the Outlook Mobile side as it's most likely a server issue.

    I'm not sure if this issue is with the Microsoft Authenticator app or with your Microsoft Exchange server. If you face this issue in many devices in your company, first off I recommend you to contact your Exchange Administrator for further assistance.

    Our CEO's patience is running thin and considering he prefers solutions that are not Microsoft based we are getting a lot of pressure to migrate away from Office 365 completely.

    Any information someone could provide to help us troubleshoot these issues would be much appreciated.

     
    Sunday, August 25, 2019 11:32 AM
  • There appears to be an issue with how Authenticator is handling SSO since the last update. Play store description of what's new reads "We've made some improvements to help you securely access additional apps and services without needing to sign in again."

    I haven't personally experienced Panoz84's issue yet because I don't run that mix of accounts, but I am very familiar with matt's issue and have been chasing this since Aug 19. 

    The solution now appears to be either:

    Uninstall the Microsoft Authenticator and utilize a different OTP code generator or MFA verification method

    OR

    Use the Register Device function within Microsoft Authenticator to register the phone with Azure AD. This fixes matt's issue immediately, though I'm not sure if it will address the issue Panoz has.

    There appears to be an issue with how Authenticator is brokering SSO sessions. When the applications go to pull a new access token with the refresh token, they can't do it automatically/silently. The last app you used will continue to negotiate new access tokens without intervention unless you open another Microsoft application that receives a different token. Outlook seems to be the loudest. If you open Teams, get a "pick account" window flash, you can confirm in Azure AD sign in logs that the Teams application signed into your account. The next time Outlook needs a new access token, it will ask to sign in again. Typically a password or MFA isn't necessary, just pressing the notification...then Outlook will be fine and never ask for sign in again unless you open another Microsoft app that performs SSO through Authenticator.

    Not sure what the issue would be between the Authenticator and the enterprise/personal account mix but I bet the flaw is inherently related. 

    Wednesday, August 28, 2019 12:35 PM
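The reply above says the re-prompt pattern can be confirmed in the Azure AD sign-in logs. The following is an added example, not part of the original thread: a sketch that scans exported sign-in records for an interactive sign-in to an app that had already signed in, immediately after a different app signed in on the same platform. The field names follow the Microsoft Graph signIn resource; the records, user names and app display names are constructed, and `find_reprompts` is a hypothetical helper.

```python
from collections import defaultdict
from datetime import datetime

def _rec(ts, upn, app, interactive, os_name):
    # Builds one record shaped like a Microsoft Graph signIn entry (subset of fields).
    return {"createdDateTime": ts, "userPrincipalName": upn, "appDisplayName": app,
            "isInteractive": interactive, "deviceDetail": {"operatingSystem": os_name}}

# Constructed sample data, not taken from any real tenant.
SAMPLE_SIGNINS = [
    _rec("2019-08-27T08:00:00Z", "alice@example.com", "Outlook Mobile", True, "Android"),
    _rec("2019-08-27T09:10:00Z", "alice@example.com", "Microsoft Teams", True, "Android"),
    _rec("2019-08-27T09:40:00Z", "alice@example.com", "Outlook Mobile", True, "Android"),
    _rec("2019-08-27T11:00:00Z", "alice@example.com", "OneDrive", False, "Android"),
    _rec("2019-08-27T11:30:00Z", "alice@example.com", "Outlook Mobile", True, "Android"),
    _rec("2019-08-27T08:05:00Z", "bob@example.com", "Outlook Mobile", True, "Android"),
    _rec("2019-08-27T10:00:00Z", "bob@example.com", "Microsoft Teams", False, "Android"),
    _rec("2019-08-27T12:00:00Z", "bob@example.com", "Outlook Mobile", False, "Android"),
    _rec("2019-08-27T08:00:00Z", "carol@example.com", "Outlook Mobile", True, "iOS"),
    _rec("2019-08-27T09:00:00Z", "carol@example.com", "Microsoft Teams", True, "iOS"),
    _rec("2019-08-27T09:30:00Z", "carol@example.com", "Outlook Mobile", True, "iOS"),
]

def find_reprompts(records, os_name="Android"):
    """Map each user to interactive re-sign-ins that followed a sign-in by a different app."""
    by_user = defaultdict(list)
    for r in records:
        device_os = (r.get("deviceDetail") or {}).get("operatingSystem") or ""
        if os_name.lower() in device_os.lower():
            by_user[r["userPrincipalName"]].append(r)
    findings = {}
    for user, rows in by_user.items():
        rows.sort(key=lambda r: datetime.strptime(r["createdDateTime"], "%Y-%m-%dT%H:%M:%SZ"))
        seen, prev_app, hits = set(), None, []
        for r in rows:
            app = r["appDisplayName"]
            # A prompt for an app that had already signed in, right after another app did.
            if r["isInteractive"] and app in seen and prev_app != app:
                hits.append((app, prev_app, r["createdDateTime"]))
            seen.add(app)
            prev_app = app
        if hits:
            findings[user] = hits
    return findings

if __name__ == "__main__":
    for user, hits in find_reprompts(SAMPLE_SIGNINS).items():
        for app, other, when in hits:
            print(f"{user}: {app} re-prompted at {when} after {other} signed in")
```

In the constructed data, bob's Outlook renews silently after Teams signs in, so only alice is reported for Android.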
  • There is a bigger thread discussing this issue in the Outlook for Android forum:

    https://answers.microsoft.com/en-us/msoffice/forum/all/microsoft-outlook-for-android-issues-please-sign/ff7a608b-d06b-4fcb-ab96-8367df2aa8e4?rtAction=1566942663944&page=4

    Microsoft hopefully will eventually "fix" the issue.

    Wednesday, August 28, 2019 6:23 PM
  • Premier support informed us the issue is known and there is a Microsoft Authenticator Beta you can sign up for through the Google Play Store. So far the Beta Authenticator 6.6.1 seems to fix the issue for me. I've been running it all morning and signing into my different apps and I have not experienced the issue at the expected intervals.
    Thursday, August 29, 2019 2:15 PM
  • Were you able to fix this?

    We have this issue even if we don't have the Authenticator app installed on the phone.


    Hari Kumar --- Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights

    Wednesday, November 20, 2019 7:32 PM
  • Premier support informed us the issue is known and there is a Microsoft Authenticator Beta you can sign up for through the Google Play Store. So far the Beta Authenticator 6.6.1 seems to fix the issue for me. I've been running it all morning and signing into my different apps and I have not experienced the issue at the expected intervals.

    Did MS provide you any update on this? Can you tell me which team you contacted within MS?

    In my case, even if the mobile doesn't have the Authenticator app, Outlook prompts for this behavior.



    Hari Kumar --- Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights

    Wednesday, November 20, 2019 7:36 PM