Outlook keeps popup for the password after enabling MFA

Situation: The Outlook keeps popup for the password after enabling the MFA. Enter correct domain password doesn’t work.

Troubleshooting: you may need to create a app password by following this link:

How to create Microsoft app password in Office 365

this password can be used for all email in different devices.

Here are some other suggestions:

•  Run the Microsoft Support And Recovery Assistant For Office 365. All IT support personnel should have this page bookmarked.

•  Click Cancel on the password prompt. Outlook might immediately connect normally. If Outlook says “Need password” at the bottom, click on those words. For at least one client, Outlook then immediately switched to “Connected” and hasn’t prompted again since then.

•  Open Control Panel / Credential Manager and remove all passwords related to Office or Office 365.

•  Create a new mail profile.

•  Ping outlook.office365.com. One Reddit contributor thought the password prompts came up when pings fluctuated up to 400-500ms.

•  Add some registry values to control Autodiscover, per this Microsoft support article.

•  Install the most recent updates for the Office programs (in an Office program, click on File / Office Account / Office Updates).

•  Change the password on the mailbox.

•  Disable the Microsoft Account Sign-In Assistant service, if it’s running.

•  Do a Quick Repair of the Office programs.

 

Published by

Bob Lin

Bob Lin, Chicagotech-MVP, MCSE & CNE Data recovery, Windows OS Recovery, Networking, and Computer Troubleshooting on http://www.ChicagoTech.net How to Install and Configure Windows, VMware, Virtualization and Cisco on http://www.HowToNetworking.com

10 thoughts on “Outlook keeps popup for the password after enabling MFA”

  1. Google also link to this suggestion;
    the issue was outlook was not connecting to O365 using Modern Auth. IF you check outlook Connection Status (host Ctrl and click Outlook icon) in System tray) and it says “Clear”. Then outlook is NOT connecting using modern auth. IF it displays “BEARER” like below then it is using Modern Auth. The only fix that I found that works 100% of the time is wipe the User Windows Profile and recreating which means its something in the Windows profile. I used MS SARA and that was a process I just kept telling SARA the fix didnt work until it reached a point where it asked if I wanted it to recreate the Outlook Profile and that also worked but it take over 10 to 15min and sometimes didnt work.

    There was something in the Windows profile that gets wiped and allowed outlook to connect over modern auth. I was only running outlook 2016 which has Modern auth built in so no reg keys needed.
    I chose to do redo the Windows Profile it was faster to do this than sitting for 15min for MS SARA to possibly fix it. I only had 55 to 60 users out of 300 that had this issue when I turned on MFA.

  2. Turning on modern authentication resolved the problem for my client that was the hardest hit. I haven’t gotten any reports about this for the last three weeks or so. You’re still dealing with it after trying all the fixes? Yuck. I don’t have anything else. Although FWIW, you might also disable IPv6, just to test whether it makes any difference. It has been causing persistent problems for a few clients, leaving Outlook occasionally disconnected. http://www.brucebnews.com/2017/09/outlook-disconnected-from-office-365-try-disabling-ipv6/ I’ve never felt like it was responsible for unnecessary password prompts, but hey, you never know. Good luck!

  3. Rolling back fixed my issues on multiple systems. Thanks for the info!!!
    Here it is if anyone else needs:

    At the command prompt, run the following commands:

    cd %programfiles%\Common Files\Microsoft Shared\ClickToRun\

    officec2rclient.exe /update user updatetoversion=16.0.8326.2107

  4. SOLVED FOR OFFICE 365

    For me this was a major issue. For future info (knowledge sharing and all that!), just been on to Office this morning via Tech call USA for the second time – this guy knew his stuff it appears (I’d tried everything before – reinstalling, deleting credentials from Credential Manager, changing passwords you name it). He started a remote session and basically said it is because on a lot of machines there are two versions of office (if you google the issue it’s a widespread issue) – using add remove programs won’t fix the issue so Microsoft have created a specific tool to remove all versions of Office 365 which can be found here:

    https://support.office.com/en-us/article/Uninstall-Office-from-a-PC-9dd49b83-264a-477a-8fcc-2fdf5dbf61d8

    Just click on the blue download link and let it work its stuff.

    Then download the correct version of Office from the users account online – advise clicking on advanced so the user can select the correct version (32 bit or 64 bit) – it defaults to 32 if you just click on download as you probably know.

    https://portal.office.com/OLS/MySoftware.aspx?source=ohp-ib

  5. Reverting back to version 8326.2107 did the trick for me.
    So there is a bug in the latest updates for Office. For me it was Office 2016.
    So follow the post from Casey Davis below.

    Casey Davis says:

    October 27, 2017 at 11:04 am

    @Sean Varley
    Rolling back fixed my issues on multiple systems. Thanks for the info!!!
    Here it is if anyone else needs:

    At the command prompt, run the following commands:

    cd %programfiles%\Common Files\Microsoft Shared\ClickToRun\

    officec2rclient.exe /update user updatetoversion=16.0.8326.2107

  6. Try setting the registry key mentioned in this post and see if it mitigates it, https://office365.uservoice.com/forums/264636-general/suggestions/32694751-outlook-is-not-syncing-an…. We were seeing some internal Microsoft people running into a related issue and the workaround is the registry key.

    Using the registry key to disable ADAL on WAM forces Office to use its built in implementation of Active Directory Authentication Library (ADAL) instead of using ADAL on WAM. I would use the reg key to test and confirm if this is the issue or not. Longer term after the fix comes out you should remove the registry key.

    The issue I am tracking for this is a Windows 10 bug and is scheduled to be fixed in the Windows 10 updates the 4th Tuesday of January 2018.

    Registry key:

    [HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity] “DisableADALatopWAMOverride”=dword:00000001”

    This KB is also somewhat related, https://support.microsoft.com/en-us/help/4025962/you-can-t-sign-in-after-you-update-to-office-2016-b….

  7. Ok, I call Microsoft support, this is the resolution they give me. Use Windows Powershell to disable the popup. Here are all command:
    Install-Module MSOnline
    Set-ExecutionPolicy RemoteSigned
    $UserCredential = Get-Credential
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
    Import-PSSession $Session -allowclobber
    Get-OrganizationConfig | Format-Table name, *OAuth*
    Set-OrganizationConfig -OAuth2ClientProfileEnabled:$true

    Here are the result:

    Windows PowerShell
    Copyright (C) Microsoft Corporation. All rights reserved.

    PS C:\WINDOWS\system32> Install-Module MSOnline

    NuGet provider is required to continue
    PowerShellGet requires NuGet provider version ‘2.8.5.201’ or newer to interact with NuGet-based repositories. The NuGet
    provider must be available in ‘C:\Program Files\PackageManagement\ProviderAssemblies’ or
    ‘C:\Users\blin\AppData\Local\PackageManagement\ProviderAssemblies’. You can also install the NuGet provider by running
    ‘Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force’. Do you want PowerShellGet to install and import
    the NuGet provider now?
    [Y] Yes [N] No [S] Suspend [?] Help (default is “Y”): y

    Untrusted repository
    You are installing the modules from an untrusted repository. If you trust this repository, change its
    InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you want to install the modules from
    ‘PSGallery’?
    [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is “N”): y
    PS C:\WINDOWS\system32> Set-ExecutionPolicy RemoteSigned

    Execution Policy Change
    The execution policy helps protect you from scripts that you do not trust. Changing the execution policy might expose
    you to the security risks described in the about_Execution_Policies help topic at
    https:/go.microsoft.com/fwlink/?LinkID=135170. Do you want to change the execution policy?
    [Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is “N”): y
    PS C:\WINDOWS\system32> $UserCredential = Get-Credential

    cmdlet Get-Credential at command pipeline position 1
    Supply values for the following parameters:
    Credential
    PS C:\WINDOWS\system32> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.of
    fice365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
    PS C:\WINDOWS\system32> Import-PSSession $Session -allowclobber
    WARNING: The names of some imported commands from the module ‘tmp_2y1ojtvl.0yt’ include unapproved verbs that might
    make them less discoverable. To find the commands with unapproved verbs, run the Import-Module command again with the
    Verbose parameter. For a list of approved verbs, type Get-Verb.

    ModuleType Version Name ExportedCommands
    ———- ——- —- —————-
    Script 1.0 tmp_2y1ojtvl.0yt {Add-AvailabilityAddressSpace, Add-DistributionGroupMember…

    PS C:\WINDOWS\system32> Get-OrganizationConfig | Format-Table name, *OAuth*

    Name OAuth2ClientProfileEnabled
    —- ————————–
    chicagotech.onmicrosoft.com False

    PS C:\WINDOWS\system32> Set-OrganizationConfig -OAuth2ClientProfileEnabled:$true
    PS C:\WINDOWS\system32> Get-OrganizationConfig | Format-Table name, *OAuth*

    Name OAuth2ClientProfileEnabled
    —- ————————–
    chicagotech.onmicrosoft.com True

Leave a Reply