{"id":418,"date":"2020-03-11T14:57:39","date_gmt":"2020-03-11T14:57:39","guid":{"rendered":"http:\/\/www.torontohelpdesk.ca\/blog\/?p=418"},"modified":"2020-03-11T14:57:40","modified_gmt":"2020-03-11T14:57:40","slug":"outlook-password-loop-when-mfa-is-enabled-for-office-365","status":"publish","type":"post","link":"http:\/\/www.torontohelpdesk.ca\/blog\/outlook-password-loop-when-mfa-is-enabled-for-office-365\/","title":{"rendered":"Outlook Password Loop when MFA is enabled for Office 365"},"content":{"rendered":"\n<p><strong>Problem:<\/strong> Your environment has MFA and Outlook prompts for a password in a loop<\/p>\n\n\n\n<p><strong>Solution:<\/strong><br> (h\/t <a href=\"https:\/\/www.vdberge.com\/kennisbank\/outlook-password-loop-when-multi-factor-authentication-is-enabled-for-office-365\/\">Van den Berge<\/a>) <\/p>\n\n\n\n<p><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">The cause<\/h3>\n\n\n\n<p>The issue is caused by a requirement for&nbsp;\u2018Modern \nAuthentication\u2019&nbsp;to be enforced. If you use Azure MFA&nbsp;as your \nmulti-factor solution, Microsoft provide a workaround for the password \nloop problem. Each user gets an&nbsp;App Password&nbsp;to use for any applications\n that do not support Modern Authentication or any applications that are \nnot enabled for Modern Authentication. Now, not everybody likes using \napp passwords since they are hard to manage and will place an extra \nworkload on your&nbsp;Helpdesk.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">The solution<\/h3>\n\n\n\n<p>The solution is enabling Modern Authentication which \nis disabled by default for Exchange Online but enabled by default for \nSharePoint Online. Skype for Business Modern Authentication has just \ncome out of public preview.<\/p>\n\n\n\n<p>First of all connect your PowerShell to Exchange Online in your Office 365 tenant, then&nbsp;run the following command:&nbsp;<strong>&nbsp;Get-OrganizationConfig<\/strong><\/p>\n\n\n\n<p>This will present a lot of info but the part we are interested in is illustrated below:<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"alignleft\"><img decoding=\"async\" src=\"https:\/\/www.vdberge.com\/wp-content\/uploads\/2018\/05\/1.png\" alt=\"\" class=\"wp-image-3240\"\/><\/figure><\/div>\n\n\n\n<p><\/p>\n\n\n\n<p>As you can see,\u00a0OAuth2ClientProfileEnabled\u00a0is set  to\u00a0False.\u00a0This means Modern Authentication is disabled for Exchange  Online. Set this to True by running:<\/p>\n\n\n\n<p><strong>Set-OrganizationConfig -OAuth2ClientProfileEnabled:$true<\/strong><\/p>\n\n\n\n<p>Now you should see the following:<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"alignleft\"><img decoding=\"async\" src=\"https:\/\/www.vdberge.com\/wp-content\/uploads\/2018\/05\/1-1.png\" alt=\"\" class=\"wp-image-3241\"\/><\/figure><\/div>\n\n\n\n<p><\/p>\n\n\n\n<p>OK, now your tenant will accept Modern Authentication requests. Now  we need to determine which applications will send the correct  authentication. In my case Outlook 2016 now workes fine with 2FA  enabled.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Problem: Your environment has MFA and Outlook prompts for a password in a loop Solution: (h\/t Van den Berge) The cause The issue is caused by a requirement for&nbsp;\u2018Modern Authentication\u2019&nbsp;to be enforced. If you use Azure MFA&nbsp;as your multi-factor solution, <a class=\"more-link\" href=\"http:\/\/www.torontohelpdesk.ca\/blog\/outlook-password-loop-when-mfa-is-enabled-for-office-365\/\">Continue reading <span class=\"screen-reader-text\">  Outlook Password Loop when MFA is enabled for Office 365<\/span><span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-418","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"http:\/\/www.torontohelpdesk.ca\/blog\/wp-json\/wp\/v2\/posts\/418","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.torontohelpdesk.ca\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.torontohelpdesk.ca\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.torontohelpdesk.ca\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.torontohelpdesk.ca\/blog\/wp-json\/wp\/v2\/comments?post=418"}],"version-history":[{"count":1,"href":"http:\/\/www.torontohelpdesk.ca\/blog\/wp-json\/wp\/v2\/posts\/418\/revisions"}],"predecessor-version":[{"id":419,"href":"http:\/\/www.torontohelpdesk.ca\/blog\/wp-json\/wp\/v2\/posts\/418\/revisions\/419"}],"wp:attachment":[{"href":"http:\/\/www.torontohelpdesk.ca\/blog\/wp-json\/wp\/v2\/media?parent=418"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.torontohelpdesk.ca\/blog\/wp-json\/wp\/v2\/categories?post=418"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.torontohelpdesk.ca\/blog\/wp-json\/wp\/v2\/tags?post=418"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}