Tag: Office Application

Exchange Migration: Outlook kept prompting for password after migration

Hi guys and girls, hope you are doing well, as the pandemic is still on-going, hope that you guys are keeping cleanliness and safety first.

Today’s topic is about exchange migration of mailboxes from on-premises to Office 365. This issue is where the legacy windows client or legacy office apps has issue with their outlook applications keeps prompting for credentials and showing disconnection. The issue also do happen to Windows 10 machines but not as aggressive as the Windows 7 machines.

This environment has the following items,

  1. Exchange server: 1 unit, version 2013, CU23 (latest)
  2. Windows client: Combination of Windows 7 and Windows 10
  3. Office applications: Combination of 2013, 2016, 2019 and Microsoft 365 apps for business in both windows 7 and windows 10 categories
  4. Migration method: Remote move migration
  5. Hybrid establishment: Yes
  6. Microsoft 365 license: Business standard/basic

As we all know that the major pre-requisites must met before starting the hybrid and perform migration.

We notice intermittent connections while running the Wireshark on Windows 7 with M365 business apps, while trying to login using the migrated account credential on an Outlook app. We ran a re-creation of the outlook profile and the prompt for credential has stops. This is definitely not the right solution. Solutions is dependent with what caused the issue.

At first we suspected something got to do whitelisting on the network layer but we had confirmed that the whitelisting are correctly configured. Next, we suspected something go to do with compatibility on windows with/or office apps version. This is not a very good idea. After quick research, I came about modern authentication could be the caused, and there where I had an idea on suggesting to turn off the security default in Azure portal and then turn off the modern authentication in Office 3655 tenant. After 10 to 15 mins, the intermittent connections no longer shows up on the Wireshark.

Modern authentication is enabled by default for every new Office 365 tenants, so please be aware if your environment has legacy windows client running or legacy office applications, do consider to turn them off first before proceeding to deploy Microsoft 365 apps.

Azure portal > Azure AD > Properties > Manage security defaults
Office 365 admin center > Settings > Org Settings > modern authentication

Modern authentication was the one the interfered with the machines and it kept challenging the users to key in credentials due to the compatibility was not met. Once the modern authentication is turn off, the environment now is running basic authentication.

References:

Office Apps: Outlook keeps flashes white pop-ups and disconnects

Ok so recently been receiving reports about users experiencing their outlook keeps flashes white pop-ups and remain disconnects, even their Internet is connected.

It seems this issue only occurs to users that never or frequently perform updates on their machine and office apps.

The solutions was to perform windows update and Office apps update to resolve this issue, if you have driver update, do perform that too.

If the issue still occurs, then you have to dig into the event logs to identify the issue. If time is limit, then you just proceed to uninstall and reinstall their office apps.

Outlook: Why People Online Status is Grey Out?

Ever faced grey out present status in your outlook? You start to wonder was it the settings block from office 365, or is your firewall blocking, or is there registry configured?

If you have ask above questions and also checked that none above related then the next question you should ask yourself is “What Office 365 license I’m on?“. The answer is if you are not using any Office 365 enterprise license, or your Office installer is “Home and Business” you will not have the online status feature. Is a limitation based on type of license that you subscribed.

Hence, get consultation and get to understand about the licenses that you are going to purchase.

How to check?

Open your Outlook App > Click on File at top left

Capture01

Click on Options at the left side bar

Capture02

Click on People > Scroll down you will see this grey out

Capture

My Office Application are using ProPlus

Capture

Azure Information Protection: Office application prompt for privacy notice

Microsoft provide notice to end users that has Azure Information Protection enabled and Policy has set to them. It does not matter either you are on Azure Information Protection Classic or Unified labeling.

When you first launch your office application or relaunch it you will get this notice.

A privacy notice such as below;

privacy.PNG

Azure Information Protection: Overview Default labels on Office application

I am having an Office ProPlus application, using Windows 10 Pro. Azure Information Protection stands for AIP. I will use AIP term throughout this post. Making sure AIP is enabled at the Global administrator side.

If you are wondering “Hey, I do not want my users to be having the privileged to uninstall AIP application from their devices”, well I will explain more on the next post 🙂 !

Requirements

  1.  An office 365 account
  2. Supporting Office 365 License
  3. Supporting Windows Client/Server
  4. Azure Information Protection Application

Just to show you how the labels look like for each of the Office application (Outlook, Word, PowerPoint, and Excel),

Outlook Without AIP

o36501

Outlook with AIP

o36502.png

Word without AIP

o36506.PNG

Word with AIP

o36503

Excel without AIP

o36508

Excel with AIP

o36505

PowerPoint without AIP

o36507

PowerPoint with AIP

o36504

 

 

 

Troubleshoot MFA for Outlook with Modern Authentication turned on

First of all, understand that I also went through trouble with this modern authentication that is turn on and causing you to see “Always prompt for logon credentials” option is grey out under Outlook application. You would like to have app password for your outlook application but got stop to proceed so because of modern authentication. Is also troublesome to have to keep on keying the code whenever you are re-login your Outlook application without the app password setup on your Outlook account.

*Modern authentication only supports 2013 or the earlier release, please refer to reference for further information

Example for Outlook 2016;

Where to see the grey out “Always prompt for logon credentials”?

File > Info > Account settings > Account Name and Sync Settings > Select More Settings > go to Security tab

outlook01

 

However, to sign in with app password, there are 2 options;

  1. If you have an existing account in your Outlook application and have “Always prompt for a password to log in” is enabled then you will just have to key in the app password in the prompt panel.
  2. If you are re-adding or add new account then you will have to key in the app password during your setup of the account for your Outlook application.

*These options doesn’t just limit to Outlook application only

So to disable the modern authentication you may need to add-on a registry;

  1. Go to registry
  2. Locate this directory HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Identity\EnableADAL
  3. If “EnableADAL” registry is not created yet then create it as DWORD and set the value to “0”
  4. If you have already has this registry then just change the value to “0”
  5. Close the registry and restart your Outlook application (by closing and re-open)
  6. You will see the prompt for the credential to log in is shown while you launch your Outlook application
  7. Key in your app password and select remember password

*Is much simple to add registry 

*But I recommend that you remove the profile and then re-add

References;

  1. https://answers.microsoft.com/en-us/msoffice/forum/msoffice_outlook/modern-authentication-on-outlook-2016-keeps-on/98a263f4-ab9c-4d6f-b5eb-2728a8e77412
  2. https://docs.microsoft.com/en-my/office365/enterprise/modern-auth-for-office-2013-and-2016?redirectSourcePath=%252fen-us%252farticle%252fHow-modern-authentication-works-for-Office-2013-and-Office-2016-client-apps-e4c45989-4b1a-462e-a81b-2a13191cf517

Outlook: Why am I seeing this pop-up frequently? How do I check the causes?

If you have an environment that is newly deploy or newly upgraded and after few months, than you have only encounter your Outlook frequently shows the pop-up for credentials. Thus, you have no idea, how come there would be such issue happen, even though you have deploy it with best practice.

To check what is causing this situation is to run wireshark;

  1. Run wireshark on a user’s computer, either connected to LAN or Internet.
    • Close all necessary applications
    • Open and run the wireshark
    • Open Outlook only
    • If no pop-up shown, than open other microsoft applications, such as excel or skype for business
    • If than pop up shown, than stop and save your wireshark logs
    • Analyse the wireshark logs
    • You will probably see there is multiple re-transmission of the firewall connection, which successful and than fail instantly
    • This could be your firewall issue that causes the pop up
  2. You can also check from Event viewer from the user’s computer, based on the similar steps for wireshark

For such situation happen, the only assumption you will ask yourself is;

  1. Has there be changes with firewall?
  2. Is the firewall having issue?
  3. Is my exchange or exchange hybrid having issue?
  4. Is my ADFS having problem? (You can check from portal access is it accessible, if yes than ADFS is not the problem)