Hi,
I am trying to authenticate O365 outlook client with SAML ECP, outlook is being repeatedly prompted for basic authentication after triggering the O365 Saml Ecp auth flow.
Validated using O365 outlook client and also using the Microsoft Remote Connectivity Analyser tool
On Windows client ran the following command to prevent modern authentication connections (force the use of basic authentication connections) to Exchange Online by Outlook 2013 or later clients:
Set-OrganizationConfig -OAuth2ClientProfileEnabled $false
Ensured MAPI,IMAP protocols are enabled for the respective user
Ensured Basic Authentication is enabled for the tenant.
Adding the Connectivity analyser failure logs below.
Testing the MAPI Address Book endpoint on the Exchange server.An error occurred while testing the address book endpoint.
Collapse
Test Steps
Testing the address book "Check Name" operation for user<email> against server outlook.office365.com.An error occurred while attempting to resolve the name.
Additional Details
A protocol layer error occured. HttpStatusCode: 401 Failure LID: 47372 Failure Information: ###### REQUEST [2022-01-24T07:17:48.1956428Z] [ResolvedIPs: 52.98.84.98,52.98.71.210,40.100.55.2,40.100.28.178] ###### POST /mapi/nspi/?mailboxId=872463d3-8b6e-4a1d-9126-f3fee332fae9@Shyrus .world HTTP/1.1 Content-Type: application/octet-stream User-Agent: MapiHttpClient X-RequestId: f851901c-cc46-413f-ad38-45e483662b2d:1 X-ClientInfo: bba2f464-416a-452d-8ade-8736a28bafae:1 client-request-id: d6e3d5af-d7f3-4feb-ae40-5b8b81dc57d4 X-ClientApplication: MapiHttpClient/15.20.4108.1 X-RequestType: Bind Authorization: Basic [truncated] Host: outlook.office365.com Cookie: MapiRouting=UlVNOmQ0YzdkOGE3LThkMDEtNDg3Ny05NzJhLWRmMDUyM2VmMzZiZToHJHKgCd/ZCA== Content-Length: 45 --- REQUEST BODY [+0.019] --- ..[BODY SIZE: 45] --- REQUEST SENT [+0.019] --- ###### RESPONSE [+0:01.011] ###### HTTP/1.1 401 Unauthorized request-id: 75ec043b-d665-14ff-837c-f129cb4142bf Alt-Svc: h3=":443",h3-29=":443" X-CalculatedBETarget: VI1PR0401MB2480.eurprd04.prod.outlook.com X-BackEndHttpStatus: 401 X-ServerApplication: Exchange/15.20.4909.017 X-RequestId: f851901c-cc46-413f-ad38-45e483662b2d:1 X-ClientInfo: bba2f464-416a-452d-8ade-8736a28bafae:1 X-RequestType: Bind X-RUM-Validated: 1 X-DiagInfo: VI1PR0401MB2480 X-BEServer: VI1PR0401MB2480 X-Proxy-RoutingCorrectness: 1 X-FailureContext: BackEnd;401;VW5hdXRob3JpemVk;VW5hdXRob3JpemVk;;; X-Proxy-BackendServerStatus: 401 X-FirstHopCafeEFZ: XSP X-FEServer: SG2PR02CA0089 Content-Length: 0 Date: Mon, 24 Jan 2022 07:17:48 GMT Set-Cookie: MapiRouting=UlVNOmQ0YzdkOGE3LThkMDEtNDg3Ny05NzJhLWRmMDUyM2VmMzZiZToOIpGgCd/ZCA==; path=/mapi/; secure; HttpOnly Server: Microsoft-IIS/10.0 WWW-Authenticate: Basic [truncated] X-Powered-By: ASP.NET --- RESPONSE BODY [+0:01.012] --- --- RESPONSE DONE [+0:01.012] --- ###### EXCEPTION THROWN [+0:01.012] ###### HTTP Response Headers: request-id: 75ec043b-d665-14ff-837c-f129cb4142bf Alt-Svc: h3=":443",h3-29=":443" X-CalculatedBETarget: VI1PR0401MB2480.eurprd04.prod.outlook.com X-BackEndHttpStatus: 401 X-ServerApplication: Exchange/15.20.4909.017 X-RequestId: f851901c-cc46-413f-ad38-45e483662b2d:1 X-ClientInfo: bba2f464-416a-452d-8ade-8736a28bafae:1 X-RequestType: Bind X-RUM-Validated: 1 X-DiagInfo: VI1PR0401MB2480 X-BEServer: VI1PR0401MB2480 X-Proxy-RoutingCorrectness: 1 X-FailureContext: BackEnd;401;VW5hdXRob3JpemVk;VW5hdXRob3JpemVk;;; X-Proxy-BackendServerStatus: 401 X-FirstHopCafeEFZ: XSP X-FEServer: SG2PR02CA0089 Content-Length: 0 Date: Mon, 24 Jan 2022 07:17:48 GMT Set-Cookie: MapiRouting=UlVNOmQ0YzdkOGE3LThkMDEtNDg3Ny05NzJhLWRmMDUyM2VmMzZiZToOIpGgCd/ZCA==; path=/mapi/; secure; HttpOnly Server: Microsoft-IIS/10.0 WWW-Authenticate: Basic Realm="" X-Powered-By: ASP.NET HTTP Status Code: 401 Unauthorized