Mis-behaving Office 365 MFA and app passwords
By Shahid Iqbal on 31 July 2019
If you have Office365 MFA enabled and Outlook constantly prompts you for a password for your Office365 account, you may need to enable Modern Authentication in your Office365 tenant.
I’ve been using Office 365 for a long time and like a good citizen have MFA enabled for my account (in fact I have MFA enabled for everything that I can). MFA works great most of the time however it is a pain when it comes to applications that need to access your account which cannot perform the MFA dance.
When it comes to Office 365, the most common of these is Outlook, the typical work around for Outlook is to use an app password - essentially a generated password that can be used by the application to by-pass the MFA requirement.
App passwords are a cludge - they are usually quite short and not very secure compared to a long password.
Recently Outlook on my Windows machines stopped working correctly, it would constantly prompt for a password and wouldn’t accept my app passwords or my actual password. After numerous attempts to fix the issue, including, removing all the email accounts and trying to use the Support and Recovery Assistant for Office 365, eventually I stumbled across a solution that worked for me (as always your mileage may vary!).
- Office 365 E3 subscription
- Latest Office applications installed on Windows 10 (1903)
- Office MFA enabled and configured (enforced) for my account
- Admin rights to my O365 tenant
Remove any Outlook saved credentials using the Windows Credential Manager
Click start and type in
credential and open
Credential Manager and select
Remove any credentials associated with Office and your O365 account (Look for anything starting with
MicrosoftOffice16...) - ensure you don’t remove credentials for accounts other than the problematic account.
Go to your security profile and delete any previously created app passwords for Outlook. See instructions here for more details.
This was the important step, you need to ensure Modern Authentication is enabled for your Office 365 tenant.
Sign into your Office 365 Admin Center https://admin.microsoft.com using your O365 account (you will need admin permissions).
From the navigation menu select
Settings > Services & add-ins
From the list select Modern authentication and enable the option.
Open Outlook and you should be prompted for your password for the relevant Office365 account - use your actual password (and follow any subsequent prompts). If you have multiple accounts in Outlook ensure you try opening the inbox for the problematic account to cause the password prompt.
If you are still getting password prompts try removing the O365 account and re-adding it.
Things to note
This “fix” may cause problems with older email clients so use at your own risk.
I have several Windows 10 PCs and an Android phone all of which are now working correctly once I enabled the Modern authentication option.