This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 28.999999999999996%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDC%3C/text%3E%3C/svg%3E)
Hi all,
I am trying to use conditional access with the outlook app that came installed with the home edition of Windows. Whenever I enabled conditional access MFA, it kept prompting me to enter my password over and over and again. I then realized that modern authentication was not enabled and I needed to modify the registry with the following:
Computer\HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Identity
Dword: EnableADAL = 1
My question is if there is a cleaner way to do this for all the hosts in the organization. I read Microsoft documentation and it stated that modern authentication should be enabled by default for outlook 2016. Since I am using Outlook 2019 I should be fine?
It should, yes. But you should still check whether the relevant keys have been modified via GPO or the cloud config service. And make sure Modern auth is enabled service-side, some older tenants might still have it disabled.
I checked several computers from different brands and they all don't use modern authentication by default for Outlook. Furthermore I checked that 0Auth2ClientPorfileEnabled = True. Does this mean I need to change the registry on all their computers individually?
You don't need to add the reg key, if that's what you mean. This is only needed for older installs (2013 SP2), whereas 2016/2019 have it enabled by default. You might still need to check whether the key was added/modified via GPO or the cloud config service.
So by default the key should be enabled? Which config would I need to modify in the cloud to enable the key? We don't have any of our devices joined to a GPO or Intune so I'm wondering what could have modified it.
Nvm the above. I figured that by enabling the conditional access it would re-prompt me using modern authentication to log me in. However since we have pre-existing accounts logged into Outlook that did not use MFA, it kept prompting for password and not accepting it. We would either need to enable the reg key or delete the email accounts and re-add them. Thanks for your responses!