After setting up FIDO multi factor authentication for 365 applications , now certain users can't access the desktop versions of outlook

Matthew Beck 1 Reputation point

(Tried asking Microsoft direct, but its been a delay for any clear response )

So long story short in my organization we are starting to roll out multi factor authentication for our company windows accounts either using the Microsoft authenticator app on the phones or more often FIDO security keys.

They work properly with browser versions of 365.

But now two users can't use their desktop versions of outlook.

This is after testing both on my computer and there's that the credentials work in the browser version, but not the desktop version.

I am told one potential solution is a "app password" but I can't seem to find where said app password would be for the DESKTOP version of the programs.

Trying to figure this out post haste, as I have had to put the rollout of the multi factor on hold, as I can't risk potentially more users being affected without a solution .

Any help would be appreciated here .


Outlook Management
Outlook Management
Outlook: A family of Microsoft email and calendar products.Management: The act or process of organizing, handling, directing or controlling something.
4,882 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,437 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Ed Harrison-MSFT 301 Reputation points

    Hi @Matthew Beck - thanks for your question.

    It's possible that your users are hitting one of the scenarios covered by (basically, related to having migrated from an on-prem Exchange to M365).

    Can you take a look at that and see if that helps?


    If this helps, please remember to upvote and mark as answer so that others can find the solution in future.

  2. Matthew Beck 1 Reputation point

    Shockingly modern authentication is not turned on .

    Basic authentication is enabled, but cannot be modified until modern authentication is enabled

    However as the part timer I don't got the go ahead just yet to change that before the manager for the entire Organization.
    Still that could be the big factor here.