Troubleshoot MFA for Outlook with Modern Authentication turned on

First of all, understand that I also went through trouble with this modern authentication that is turn on and causing you to see “Always prompt for logon credentials” option is grey out under Outlook application. You would like to have app password for your outlook application but got stop to proceed so because of modern authentication. Is also troublesome to have to keep on keying the code whenever you are re-login your Outlook application without the app password setup on your Outlook account.

*Modern authentication only supports 2013 or the earlier release, please refer to reference for further information

Example for Outlook 2016;

Where to see the grey out “Always prompt for logon credentials”?

File > Info > Account settings > Account Name and Sync Settings > Select More Settings > go to Security tab



However, to sign in with app password, there are 2 options;

  1. If you have an existing account in your Outlook application and have “Always prompt for a password to log in” is enabled then you will just have to key in the app password in the prompt panel.
  2. If you are re-adding or add new account then you will have to key in the app password during your setup of the account for your Outlook application.

*These options doesn’t just limit to Outlook application only

So to disable the modern authentication you may need to add-on a registry;

  1. Go to registry
  2. Locate this directory HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Identity\EnableADAL
  3. If “EnableADAL” registry is not created yet then create it as DWORD and set the value to “0”
  4. If you have already has this registry then just change the value to “0”
  5. Close the registry and restart your Outlook application (by closing and re-open)
  6. You will see the prompt for the credential to log in is shown while you launch your Outlook application
  7. Key in your app password and select remember password

*Is much simple to add registry 

*But I recommend that you remove the profile and then re-add



Skype for Business: How to setup QoS at client side?

Well there are 2 ways you could perform this is by editing the client’s computer (local group policy) or push the settings using group policy management.

Anyway, both of these methods or steps are similar and simple to setup.

*Note: A wrong value can causes the QoS not running correct

Steps for local group policy;

  1. Make sure you are login as local administrator on your computer
  2. Go to > Start > Search > Group policy
  3. At the group policy > computer configuration > Windows settings > policy QoS settings
  4. Create new policy
  5. Just follow the below image to create total of 5 QoS policies


6. During creating the policy, just change which is necessary. Leave the others as default.

7. Do a restart of the computer (I always do this)

Steps for  GPM;

  1. Open GPM
  2. Create a new GPO and name it
  3. Right click the GPO and click edit
  4. At the group policy > computer configuration > Windows settings > policy QoS settings
  5. Create new policy
  6. Just follow the below image to create total of 5 QoS policies


7. Link this GPO to the OU you wish to have this GPO implemented

8. After that remember to do gpupdate /force on both the server and the client computer

For testing;
1. Install wireshark

2. Select the network you connected and Start the wireshark (Start Capture traffic)

3. Start your skype for business audio call or video call, or both within the same network. Do a peer-to-peer communication.

4. Talk to the audio or make some sound for a minute or 2.

5. End the skype for business call (audio or video)

6. Stop your wireshark

7. Save your traffic

8. You should be able to see your QoS is working





Outlook: How to hide “Do Not Forward”

There some customers who are very particular with security and compliance or rights management service. They also would wish to hide all default RMS templates such as, – confidential, – confidential (View Only) and Do Not Forward, and have their own. Thus, it is easy to hide the – confidential and – confidential (View Only) templates using the Azure classic portal. However, based on many article I researched on hiding or disable the “Do Not Forward” permission in the Outlook have said “You cannot hide or remove Do Not Forward because it is based on the Office”. So, I came by this article (Reference: to resolve this hiding of “Do Not Forward” feature by modifying the registry of the Office. This method applies to version of Outlook 2010 to Outlook 2016 and can also done via GPO.

Modify using registry;

  1. Open Registry edit (regedit.exe) > HKEY_CURRENT_USER > Software > Microsoft > Office > 16.0 > Common > DRM
  2. Create a new > DWORD(32bit)
  3. Name the registry: DisableDNF
  4. Double click on the registry > enter value ‘1’
  5. Close the registry
  6. Close and relaunch the Outlook

After relaunch the Outlook, you could see whether the given method works is creating a new email > options > permission toggle, the “Do Not Forward” has grey out or disable.

Create a new registry
Do Not Forward is grey out