Change to Azure Active Directory Multi-Factor Authentication Breaks Outlook

Posted by: mbmadmin | | No Comments »

I’ve been using MFA with Office 365 for some time. I was using the Authenticator app on my smartphone and entering the six-digit code when I was challenged by the MFA mechanism. However, I recently changed the MFA process so that the Authenticator app simply pops-up a notification asking for approval, dispensing with the six-digit number.

This worked nicely for the web and other application but, after a day or so, Outlook failed to connect and repeatedly showed. No-matter what password I entered, or how often, it kept coming back with this dialogue…

The solution was to run Microsoft’s Support and Recovery Assistant for Office 365, which is better known as SARA. You can download it here, https://aka.ms/Sara. Once installed the wizard looks like this…

Naturally, mine was an Outlook issue so I started on that path…

There was an exact entry for my issue so my choice was clear…

Obviously, if the tool is going to help, it needs to be run on the machine with the issue…

Enter your Office 365 credentials…

I’m using MFA for my Office 365 account, so I had to go through the MFA login…

Choose your work account…

Enter your O365 password…

Complete the MFA authorisation and you’ll be presented with this page in the wizard…

It looks like Outlook doesn’t work quite a smoothly with MFA as it should. It seems to need an App password. I don’t remember creating an App password, so I opted to click ‘create a new one’ and got sent to this page…

(It’s https://account.activedirectory.windowsazure.com/AppPasswords.aspx.) Initially, for me, this page was empty, there were no App passwords. Clicking ‘Create’ let’s you add one to the page, like this…

You’re asked to create a name for your password. I went with ‘My O365 App Password’ and clicked Next…

The wizard then creates you a strong password. You really need to make a note of it somewhere. Once you’ve got a copy, you can return to SARA. It’s this password that it’s looking for in the page from before…

SARA then does some checks…

Then…

It’s offering to fix Outlook so let’s try, click Yes…

Seems fair, let’s do it…

Close Outlook then Next…

Outlook starts and asks for the password. This time, it’s that new App password so paste it in. Then, as if by magic, Outlook connects and Email flows again…

Conclusion

It seems, for Outlook, it’s important to set and know your App password. I’m sure this will become smoother over time, but it’s a bit of a pain at the moment. I might try turning MFA off or switching authentication method again to see if that also breaks Outlook. Enabling MFA is something that is great for security and so should be done for all organisations, but we don’t want Outlook to break everywhere!

On a plus note, the SARA tool seems pretty good.

Posted in: Cloud, Office 365, Tip

Leave a Comment

Your email address will not be published. Required fields are marked *