Tag: Multi Factor Authentication

M365 Multi-Factor Authentication: Modern Authentication vs App Password

What is Modern Authentication?

Modern Authentication applies to Office 2013 application and above version. Modern Authentication is enabled by default. Modern Authentication does by keeping your credentials and you do not have to re-key your credential whenever you launch your Office applications. For ADFS environment, Modern Authentication will use the OATH2 to authenticate to ADFS (via the addition of ADFS into the trusted local intranet sites) on the client’s behalf, and will SSO the user.

 

outlook01
Modern Authentication supported, grey-out the settings

 

What happens MFA enabled in Modern Authentication?

On your next login to your workstations/laptops/computers, you will be prompt to key in your authentication code for each Office applications, example Outlook, OneNote, OneDrive and so on.

Where can you get Authentication code?

Download the Microsoft Authenticator app from your mobile’s PlayStore app.

1200x630bb.jpg

What is App Password?

App Password applies to Office 2013 application and below version. Is in the form of a randomly generated password with a combination of symbols and alphanumeric, which requires you to paste into each of your Office applications. For short, App Password is for legacy office application.

What happens when MFA is enabled in App Password?

When the next login to your workstation/computer/laptop, and the first launch of your Office application, example Outlook, you will be prompt to key in your credential but for the password, you must paste the app password instead of using your usual password.

 

As you can see the behavior is almost the same.

 

 

Troubleshoot MFA for Outlook with Modern Authentication turned on

First of all, understand that I also went through trouble with this modern authentication that is turn on and causing you to see “Always prompt for logon credentials” option is grey out under Outlook application. You would like to have app password for your outlook application but got stop to proceed so because of modern authentication. Is also troublesome to have to keep on keying the code whenever you are re-login your Outlook application without the app password setup on your Outlook account.

*Modern authentication only supports 2013 or the earlier release, please refer to reference for further information

Example for Outlook 2016;

Where to see the grey out “Always prompt for logon credentials”?

File > Info > Account settings > Account Name and Sync Settings > Select More Settings > go to Security tab

outlook01

 

However, to sign in with app password, there are 2 options;

  1. If you have an existing account in your Outlook application and have “Always prompt for a password to log in” is enabled then you will just have to key in the app password in the prompt panel.
  2. If you are re-adding or add new account then you will have to key in the app password during your setup of the account for your Outlook application.

*These options doesn’t just limit to Outlook application only

So to disable the modern authentication you may need to add-on a registry;

  1. Go to registry
  2. Locate this directory HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Identity\EnableADAL
  3. If “EnableADAL” registry is not created yet then create it as DWORD and set the value to “0”
  4. If you have already has this registry then just change the value to “0”
  5. Close the registry and restart your Outlook application (by closing and re-open)
  6. You will see the prompt for the credential to log in is shown while you launch your Outlook application
  7. Key in your app password and select remember password

*Is much simple to add registry 

*But I recommend that you remove the profile and then re-add

References;

  1. https://answers.microsoft.com/en-us/msoffice/forum/msoffice_outlook/modern-authentication-on-outlook-2016-keeps-on/98a263f4-ab9c-4d6f-b5eb-2728a8e77412
  2. https://docs.microsoft.com/en-my/office365/enterprise/modern-auth-for-office-2013-and-2016?redirectSourcePath=%252fen-us%252farticle%252fHow-modern-authentication-works-for-Office-2013-and-Office-2016-client-apps-e4c45989-4b1a-462e-a81b-2a13191cf517