First of all, understand that I also went through trouble with this modern authentication that is turn on and causing you to see “Always prompt for logon credentials” option is grey out under Outlook application. You would like to have app password for your outlook application but got stop to proceed so because of modern authentication. Is also troublesome to have to keep on keying the code whenever you are re-login your Outlook application without the app password setup on your Outlook account.
*Modern authentication only supports 2013 or the earlier release, please refer to reference for further information
Example for Outlook 2016;
Where to see the grey out “Always prompt for logon credentials”?
File > Info > Account settings > Account Name and Sync Settings > Select More Settings > go to Security tab
However, to sign in with app password, there are 2 options;
If you have an existing account in your Outlook application and have “Always prompt for a password to log in” is enabled then you will just have to key in the app password in the prompt panel.
If you are re-adding or add new account then you will have to key in the app password during your setup of the account for your Outlook application.
*These options doesn’t just limit to Outlook application only
So to disable the modern authentication you may need to add-on a registry;
Go to registry
Locate this directory HKCU\SOFTWARE\Microsoft\Office\16.0\Common\Identity\EnableADAL
If “EnableADAL” registry is not created yet then create it as DWORD and set the value to “0”
If you have already has this registry then just change the value to “0”
Close the registry and restart your Outlook application (by closing and re-open)
You will see the prompt for the credential to log in is shown while you launch your Outlook application
Key in your app password and select remember password
*Is much simple to add registry
*But I recommend that you remove the profile and then re-add
There some customers who are very particular with security and compliance or rights management service. They also would wish to hide all default RMS templates such as, contoso.com – confidential, contoso.com – confidential (View Only) and Do Not Forward, and have their own. Thus, it is easy to hide the contoso.com – confidential and contoso.com – confidential (View Only) templates using the Azure classic portal. However, based on many article I researched on hiding or disable the “Do Not Forward” permission in the Outlook have said “You cannot hide or remove Do Not Forward because it is based on the Office”. So, I came by this article (Reference: https://support.microsoft.com/en-gb/help/2458423/the-message-classification-feature-is-unavailable-when-you-disable-the) to resolve this hiding of “Do Not Forward” feature by modifying the registry of the Office. This method applies to version of Outlook 2010 to Outlook 2016 and can also done via GPO.
Modify using registry;
Open Registry edit (regedit.exe) > HKEY_CURRENT_USER > Software > Microsoft > Office > 16.0 > Common > DRM
Create a new > DWORD(32bit)
Name the registry: DisableDNF
Double click on the registry > enter value ‘1’
Close the registry
Close and relaunch the Outlook
After relaunch the Outlook, you could see whether the given method works is creating a new email > options > permission toggle, the “Do Not Forward” has grey out or disable.