News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • MFA for Outlook

    Posted on Niterider4 Comment on the AskWoody Lounge
    Viewing 1 reply thread
    • Author
      • #2255445 Reply
        AskWoody Plus

        I have Office 365 with two users. Each user has at least one desktop running the Outlook client, and at least one mobile device (both Android and iOS), running native email apps.

        I wanted to implement multi-factor authentication (MFA), because I know it is more secure. I read several documents online, and then implemented the work flow described below.

        The result was that everyone (except my main desktop client, which got prompted for MFA) got kicked out of Outlook. When trying to run Outlook on a mobile device, the user would get one email from Microsoft Outlook, saying Your email access has been blocked … this email generated by Microsoft Exchange. When trying to run Outlook on a desktop client (other than my main computer), Outlook would repeatedly ask for a password, but never connect (even when the correct password was entered).

        In all cases, desktops and mobile, users were able to connect to Outlook via web. Mobile clients were able to connect using Outlook Mobile (but not native Android or iOS apps).

        In Exchange Admin, most devices show as quarantined, and clicking Allow does not remove the quarantine status. It comes back immediately. Removing accounts from devices and adding them back does not help.

        The one setting below that seemed to mess everything up was when I turned on Security Defaults in Azure Active Directory. When I turned Security Defaults off, people were again able to access Outlook as before.

        I am anxious to implement MFA, because I know it is best practice. However, I spent an entire day and night trying to fix what went wrong (including several hours on the phone with MS support), and I am not eager to go through that again.

        If anyone could tell me what I did wrong, or how I can properly implement MFA in my environment, I would be very appreciative.

        Here is what I did, that kicked everybody out:

        1. Sign in to the admin center with global admin credentials.
        2. Go to the Azure Active Directory – Properties page.
        3. At the bottom of the page, choose Manage Security defaults.
        4. Choose Yes to enable security defaults, and then choose Save.
        5. From the Admin centre, select Settings, Settings and then in the Services tab, choose Modern authentication from the list.
        6. Check the Enable modern authentication box in the Modern authentication panel, and then choose Save changes.
        7. Go to Users, Active users, and click on Multi-factor authentication.
        8. Go to service settings (at top) and (a) select all verification options, and (b) click remember multi-factor authentication and set to 60 days.
        9. For each user, under quick steps, click Enable.

      • #2264715 Reply
        AskWoody Plus

        The only thing I don’t recognize is this issue of choosing the manage security defaults. I’ll have to go back and check, but I don’t remember ever checking that. You don’t mention which version of Outlook your users are using Nor the version of the operating system, nor the  version of office. can you sign in and work affectively without turning the security default on? all the rest of those choices are ones that I’ve made and it works just fine from my clients and I.

        there have been problems in the last week with logins with MFA by Microsoft that are now resolved. You might want to double try and see if you really can still generate the same problem set.Members of my team we’re having problems on Wednesday and Tuesday with MFA. Those problems seem to have resolved themselves as of today. Also for the android users I would check to see what version of the operating system of android they are using. Some of my android users are just fine while others who are using older versions of android operating system are having problems.

        • This reply was modified 1 month, 2 weeks ago by 8string.
    Viewing 1 reply thread

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: MFA for Outlook

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.