How To Login In Outlook

[Eleanora Parrot]

Havingan issue where user of WVD Windows 10 Multi-session have issues moving between hosts. Essentially first login on a host is fine, when the user moves to a new host outlook eventually says "need password" however the modern authentication prompts are never presented to the user.

Is there a problem with permissions in the credential manager? Because it contains a lot of entries for ADAL, almost seems like it cannot update the 1 existing entry and goes haywire after x amount of time.

we also get this issue by disabling modern auth it stops users outlooks from disconnecting every hour or so however when there password expires thats when it really becomes an issue. Due to our users making use of SharePoint and Onedrive we are unable to make use of the basic auth functions due to modern authentication being required to access these services. I can get it to open a new window if i put in something similar like a .onmicrosoft.com and then change the address after however this doesnt always work.

The issue that we see is that when a users password expires or they need to authenticate to outlook they would put their email address in or they would click on enter password and the popup would appear and then immediately disappear.

1. ensure devices are appearing as azure hybrid devices in azure active directory (365 side) the devices need to appear as hybrid devices if you are using standard ADDS join and not Azure ADDS. This is due to the fact that users upon sign in need to update device registration when they go to sign into 365 services.

once the above are configured my issues simply went away as much as i tried to break it i couldn't do so. The pre req's on the what is windows virtual desktop is not clear which is why i didn't set the devices up as hybrid devices.

we have currently setup 2 DC's in the Azure Datacenters we operate out off. one of which has AD connect. we also have however on premise DCs with one of those with AD connect. One of the Azure DC's is the PDC now which has AD connect running on it.

It shouldn't matter however where you have AD connect running from as long as it has line of sight of the domain controllers to be able to read and sync the relevant changes to and from ADDS to Azure ADDS.

I would it expect that the ADDBrokerPlugin isn't installed, if so, try to manually register the app:

Add-AppxPackage -Register "C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Appxmanifest.xml" -DisableDevelopmentMode

Appreciate you may have looked at this already, but I had exactly the same issue - Outlook password box not surfacing correctly to the user in a WVD Win10 session with FSLogix configured. User's shouldn't have been challenged for a password at all.

For me, the issue was that the WVD session host OU was excluded from synchronisation in the AD Connect console. As soon as I enabled synchronisation for the OU, the problem went away. Transparent sign in, no password prompts.

@Tom_A_MSFT

The command to register the AAD Broker plugin works but does not persist after logoff/logon. Additionally, all new profiles need this command to be ran. We have implemented a login script that runs the AAD Broker plugin registration command which is keeping Modern Auth working for all users at this point but we cannot seem to get to the root cause. We have engaged Microsoft support and our partner resources but the issue doesn't seem to be able to be replicated with a standard gallery image.

I'm suspicious of FSLogix. I'm going to test disabling FS Logix and see if local profiles do not have the issue. However, we've simply set everything up per MS documentation on our Win 10 multi-session image, installed Office in shared activation mode per the WVD documentation, then snapshot, sysprep, and re-deployed using the WVD deployment template and our custom/sysprep image. We've also gone back to the bare basics in terms of the FS Logix GPO after tinkering with various settings.

I will update this thread as we learn more but any new information would certainly be appreciated. I'll just state the obvious here but turning off modern authentication through the registry is not an option for our MFA enabled accounts.

I've also found a past issue where FSLogix was having issues with edge and the solution was to register the appx package for edge.

Article on FSLogix forum here:

-US/d18184fe-a703-44e8-a4d3-f824ed10eeb6/ed...

I'm not sure if anyone else has noticed additional appx package issues. We also see a black screen at login for users due to app readiness service. We are also seeing failures for some of these additional appx packages (which can be temporarily fixed by registering again in PowerShell).

Faulting application path:

Click Sign Out under user information. Now, you'll notice that clicking 'sign in' will not work with the current user information, it will just keep failing. Log in with another account (an administrator account or whatver you'd like). It will go through the process of signing in, but will eventually popup an error message as you cannot have two different accounts signed in. Close that error window...but, low and behold, it will ask you to sign into office again. At this point, put the normal user's email and password in again and it will prompt to manage this device/etc. Click through all of those screens and let it do it's thing and you should be good.

I can easily reproduce the issue when using the FSLogix profile service and logging in to the brokered WVD service with the Remote Desktop app, but if I login to the WVD hosts directly using MSTSC, and get a local profile, the issue cannot be reproduced.

We rebuilt the entire host pool using a method given to us directly from a WVD Architect. We configured a new profile UNC path and the issue is back 3-4 days later. We went from 60+ registered Appx packages to maybe a dozen or more. The strange thing now is that the Azure AD Broker plugin is registered but we're seeing the following Azure AD Broker error in the event viewer (see screenshot):

Any email apps you have setup will need to be configured with this login id and password, this includes mobile and desktop clients (MS Mail, MS Outlook). Visit O365/MFA Implementation FAQ for more information on how to set up your device.

I have the Asana Add-in for Outlook Online/Web version. The icon shows up for me to add tasks, but I am unable to login to the add-in when prompted in Safari. I am already logged in to Asana in Safari, but when I try to log-in to the Add-In in outlook a pop-up page shows, asks me to log-in, then closes and I am not logged in.

Hi, anytime we enable "web security" as recommended on the main dashboard of prisma access, MS Teams and outlook stop working. Outlook throws up certificate errors and teams refuses to connect. Upon investigation it looks as though the traffic is being decrypted and this is causing issues. We have put in bypass decryptions for the "worldwide 365 URL" and "worldwide 365 IP" lists in our network security decryption policy. However the logs clearly show this traffic is still being decrypted and breaking the application. It appears that the "web security" feature / policy later is overriding anything set at the network security layer with regards to encryption.

Ohio University strives to make its digital resources and services accessible to all visitors, including those with disabilities who may also be using assistive technology. If special steps are necessary in order to improve the accessibility of experiences for end-users, those steps must be taken.

If you experience a barrier that affects your ability to access OHIO websites, videos, online forums, documents, or other information technology, please let us know.

For further information about OHIO's digital accessibility resources, see:

When you receive an email from an external sender (anyone outside of ohio.edu), the email will include a yellow banner at the top, warning you to use extra caution when clicking links or opening attachments. The warning is designed to reduce phishing attacks, which are fraudulent emails, often designed to look like official University communication, that trick users into disclosing sensitive information or opening attachments that install malicious software.

When you receive a suspicious email, you can report it as a potential phishing attack directly from your email application. Reported phishing and junk messages are sent to both to OIT and Microsoft, where they are reviewed to improve the effectiveness of spam filters.

When you click a link in an email message, SafeLinks uses an automated Microsoft service to verify that the link's destination is not malicious. If the link appears to be malicious, the service will display a warning and prevent the linked site from loading. If you are using Outlook, you can view the actual destination of a SafeLink by mousing over it. If this does not work, or if you are checking your mail from a non-standard email client, you can use our SafeLinks decoder (OHIO login required) to view a link's destination.

Email is not a proper method to share sensitive data with external parties. To reduce the likelihood of sensitive data disclosure via email, Ohio University has enabled Microsoft 365 Data Loss Prevention (DLP) for Catmail. Automated DLP scans can help reduce the risk of distributing sensitive data; however, it is still your responsibility to handle that data appropriately.

Respecting privacy - DLP scanning is automated. An Information Security analyst will only access a copy of a message if DLP flags that message as containing a large amount of sensitive data.

If DLP detects one or more Social Security numbers in an outgoing email, the service will block that message and notify the sender of the issue, either with a Policy Tip or through a rejection message.

3a8082e126