Modern Authentication is a method of identity management that offers more secure user authentication and authorization. In this post, we look at why Outlook prompts for a password when Modern Authentication is enabled, and provide the solution to remediate this issue. This issue applies to Outlook, Exchange Online, and Outlook for Microsoft 365.
In either of the two scenarios listed below, you’re prompted for credentials, and Outlook doesn’t use Modern Authentication to connect to Office 365. After you enter your credentials, they’re transmitted to Office 365 instead of to a token.
- Scenario 1: Microsoft Outlook connects to your primary mailbox in an on-premises Exchange server using Remote Procedure Call (RPC), and it also connects to another mailbox that’s located in Office 365.
- Scenario 2: You migrate your mailbox to Office 365 from an Exchange server that Outlook connects to by using RPC.
This issue occurs because Outlook limits its choice of authentication schemes to those supported by RPC, and those schemes don’t include Modern Authentication.
Outlook prompts for password when Modern Authentication is enabled
To resolve this issue, you need to create the AlwaysUseMSOAuthForAutoDiscover registry value to force Outlook to use the newer authentication method for web services, such as EWS and Autodiscover.
Do the following:
- Exit Outlook.
- Press Windows key + R to invoke the Run dialog.
- In the Run dialog box, type regedit and hit Enter to open Registry Editor.
- Navigate or jump to the registry key path below:
- At the location, right-click on the blank space on the right pane and then select New > DWORD (32-bit) Value.
- Name the new value AlwaysUseMSOAuthForAutoDiscover and hit Enter.
- Now, double-click on the new value to edit its properties.
- In the properties dialog box, input 1 in the value data box.
- Click OK to save the change.
- Exit Registry Editor.
- Restart your PC.
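The same change as a PowerShell script, for auditing or applying it without Registry Editor. This is an added example, not part of the original post. The registry key path is not shown on this page, so `-KeyPath` is a required parameter that you supply in PowerShell provider form; the parameter names are this example's own.

```powershell
# Added example: scripted equivalent of the Registry Editor steps above.
# The key path is NOT given on this page, so it is a required parameter.
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)]
    [string]$KeyPath,   # placeholder: the key path from the "Navigate" step
    [string]$ValueName = 'AlwaysUseMSOAuthForAutoDiscover',
    [int]$Desired = 1
)

# Outlook must be closed before the change (first step of the procedure).
if (Get-Process -Name OUTLOOK -ErrorAction SilentlyContinue) {
    throw 'Outlook is running. Exit Outlook and run the script again.'
}

# Create the key if it does not exist yet.
if (-not (Test-Path -LiteralPath $KeyPath)) {
    if ($PSCmdlet.ShouldProcess($KeyPath, 'Create registry key')) {
        New-Item -Path $KeyPath -Force | Out-Null
    }
}

# Read the current state so the script is idempotent and usable as an audit.
$current = Get-ItemProperty -LiteralPath $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
$kind = if ($current) { (Get-Item -LiteralPath $KeyPath).GetValueKind($ValueName) } else { $null }

if ($current -and $kind -eq 'DWord' -and $current.$ValueName -eq $Desired) {
    Write-Output "$ValueName is already DWORD $Desired; nothing to do."
    return
}

if ($PSCmdlet.ShouldProcess("$KeyPath\$ValueName", "Set DWORD $Desired")) {
    # -Force overwrites an existing value, including one of the wrong type.
    New-ItemProperty -LiteralPath $KeyPath -Name $ValueName `
        -PropertyType DWord -Value $Desired -Force | Out-Null

    # Read the value back instead of trusting the write.
    $check = Get-ItemPropertyValue -LiteralPath $KeyPath -Name $ValueName
    if ($check -ne $Desired) {
        throw "Verification failed: $ValueName is $check, expected $Desired."
    }
    Write-Output "$ValueName set to DWORD $Desired. Restart the PC, then start Outlook."
}
```

Run it with `-WhatIf` first to see what would change without writing to the registry.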
Microsoft, in its documentation, explains that Modern Authentication is an umbrella term for a combination of authentication and authorization methods between a client (for example, a laptop or phone) and a server, as well as some security measures that rely on access policies that you may already be familiar with. It includes the following:
- Authentication methods: Multi-factor authentication (MFA); smart card authentication; client certificate-based authentication.
- Authorization methods: Microsoft’s implementation of Open Authorization (OAuth).
- Conditional access policies: Mobile Application Management (MAM) and Azure Active Directory (Azure AD) Conditional Access.
Managing user identities with modern authentication gives administrators many different tools to use when it comes to securing resources.