After setting up FIDO multi factor authentication for 365 applications , now certain users can't access the desktop versions of outlook

Question

After setting up FIDO multi factor authentication for 365 applications , now certain users can't access the desktop versions of outlook

Matthew Beck 1

(Tried asking Microsoft direct, but its been a delay for any clear response )

So long story short in my organization we are starting to roll out multi factor authentication for our company windows accounts either using the Microsoft authenticator app on the phones or more often FIDO security keys.

They work properly with browser versions of 365.

But now two users can't use their desktop versions of outlook.

This is after testing both on my computer and there's that the credentials work in the browser version, but not the desktop version.

I am told one potential solution is a "app password" but I can't seem to find where said app password would be for the DESKTOP version of the programs.

Trying to figure this out post haste, as I have had to put the rollout of the multi factor on hold, as I can't risk potentially more users being affected without a solution .

Any help would be appreciated here .

Reply

Answer 1

Ed Harrison-MSFT 211 Microsoft Employee

Hi @Matthew Beck - thanks for your question.

It's possible that your users are hitting one of the scenarios covered by https://learn.microsoft.com/en-us/outlook/troubleshoot/authentication/outlook-prompt-password-modern-authentication-enabled (basically, related to having migrated from an on-prem Exchange to M365).

Can you take a look at that and see if that helps?

----

If this helps, please remember to upvote and mark as answer so that others can find the solution in future.

Ed Harrison-MSFT 211 Reputation points Microsoft Employee

2022-08-15T10:17:53.637+00:00
@Matthew Beck - the other thing to check is that you have enabled Modern authentication for the Outlook apps under:

M365 Admin portal (admin.microsoft.com)

Settings

Modern Authentication

Turn on modern authentication for Outlook 2013 for windows and later

Do let us know (and "mark as answer" if anything here helps).
Matthew Beck 1 Reputation point

2022-08-15T16:10:45.63+00:00

Well I need to get in there to determine which it is for those two users.
But when I look under settings, I see no option for Modern authentication , as shown below.
Is there a different settings I should be aware of ?
Ed Harrison-MSFT 211 Reputation points Microsoft Employee

2022-08-16T10:42:30.177+00:00

Apologies @Matthew Beck , I missed that it's under "Org Settings" in the settings drop down:

If it's only affecting a few of your users, though, then it sounds as though it's more likely that modern auth is enabled (it is enabled by default and it would impact everyone), but the affected users may need the registry updated.

Answer 2

Matthew Beck 1

Shockingly modern authentication is not turned on .

Basic authentication is enabled, but cannot be modified until modern authentication is enabled

However as the part timer I don't got the go ahead just yet to change that before the manager for the entire Organization.
Still that could be the big factor here.

ChristyZhang-MSFT 10,381 Reputation points Microsoft Vendor

2022-08-19T08:49:07.877+00:00

Hi @Matthew Beck ,

Have you tried to turn on the modern authentication and check if the issue still exists?
On the other hand, it's also suggested that you could try to modify the registry as eepyaich mentioned. (Note: Serious problems can occur if you modify the registry incorrectly. Before making changes, back up the registry to restore it in case something goes wrong.)
Jaya Lakshmi Koduru 6 Reputation points

2022-09-07T19:02:29.817+00:00

Hello @Matthew Beck , do you need additional assistance? Was the answer helpful? If it was, please accept it and complete the quality survey so that others can find a solution.

After setting up FIDO multi factor authentication for 365 applications , now certain users can't access the desktop versions of outlook

2 answers

Activity