Exchange Online MFA and Outlook 2016 Password Repeatedly Prompts

16 Apr

We’ve been using Azure MFA cross the board for some time now, and all had been good. Since a password change, one user experienced an odd issue with Outlook 2016. O/S and Office all running the latest builds but after entering their password and approving the MFA request, it would just re-prompt for the password, again and again.

Tried the obvious restart and clearing cached credentials. I came across this post which seems to have helped in this one case. In short by modifying the WAM, Web Account Manager settings.

By adding this reg entry and then restarting Outlook, all was good again. I will keep monitoring the issue, but so far it seems to be an isolated case.

By default, Microsoft Office 365 ProPlus (2016 version) uses Azure Active Directory Authentication Library (ADAL) framework-based authentication. Starting in build 16.0.7967, Office uses Web Account Manager (WAM) for sign-in workflows on Windows builds later than 15000 (Windows Version 1703, build 15063.138). 
Workaround:
[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity]
"DisableADALatopWAMOverride"=dword:00000001 
The regkey disables WAM use in Office, which can degrade the auth experience (users will see legacy UI and may be prompted more in other cases, so it's only recommended if the situation is blocking). We highly recommend deleting the regkey once the fix is out.
The fix for Windows 10 should be shipped early next year, I%u2019m now trying to check ETA.