How to force Outlook Office 365 to use modern auth and MFA
I've set up Okta federation with our Office 365 domain and enabled MFA for Okta users but AzureAD still does not force MFA upon login.
I want to enforce MFA for AzureAD users because we are under constant brute force attacks using only user/password on the AzureAD/Graph API. It causes users to be locked out although our entire domain is secured with Okta and MFA.
I disabled basic auth for my account and tried opening the Outlook desktop app, but it cannot connect.
Set-CASMailbox firstname.lastname@example.org -PopEnabled $false -ImapEnabled $false -MAPIEnabled $false
The AzureAD logs show only single factor authentication but Okta is enforcing MFA. I realize now we should have enabled MFA in AzureAD first, but I was lost in documentation that really doesn't seem quite clear.
In Okta for my Office 365 app, I've enabled Okta MFA from Azure AD so it passes the tokens to AzureAD, and it works for my account when accessing O365 from the web browser, but Outlook does not.
Under conditional access for MFA I've selected everything: Browser, Mobile apps and desktop clients, Exchange and Active sync clients and other clients. Also 'Require MFA' is set for this policy. Prior to this, all my access was logged in AzureAD as single factor.
I would greatly appreciate any help with this. We have hundreds of users and I need to enforce MFA for all Office 365 services so the bots cannot lock out our users.
I've tried enabling security defaults and Outlook 365 still cannot connect.
Hi @Chris F ,
From your description, it seems that this is more related to Azure AD. Please kindly understand that here we mainly focus on general issues about the Outlook desktop client and know little about Azure AD. To better solve your issue, I will add the tag “Azure Active Directory”.
Thanks for your understanding and hope your issue will be resolved soon.