Office 365 – MFA with Outlook and/or iOS Mail not working?

Multi-factor Authentication (or MFA) in Office 365 is an incredibly great way to protect your company’s data; however, setting it up can be a pain, especially with various applications and systems. When I first set up MFA in Office 365, I was convinced you were required to use App Passwords for Outlook 2016 and iOS Mail. However, after a good bit of research, fiddling, and experimenting, I discovered the solution was much, much easier than I realized.

So here is a (brief) overview of how to set up MFA in Office 365, and have it work in Outlook and iOS Mail. [Note: this is written assuming you are using iOS 11 or later, where OAuth 2.0 is fully implemented.]

Fire Up PowerShell

The only way to have Outlook 2016 and iOS Mail work with Office 365 MFA is to enable OAuth 2.0 in your tenant. Though documentation is sketchy, it appears that all newly created tenants in 2018 have OAuth 2.0 enabled by default. However, it cannot hurt to check.

  • Log into your client via PowerShell:
Set-ExecutionPolicy RemoteSigned

$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session
  • Then, confirm whether or not OAuth 2.0 is enabled:
Get-OrganizationConfig | ft -Property *OAuth2ClientProfileEnabled*
  • If it shows as false, simply type:
Set-OrganizationConfig -OAuth2ClientProfileEnabled $true

This will take a few minutes to fully propagate through your tenant. However, once this is done, you will be able to turn on MFA for your users, and they will be using the standard OAuth 2.0 to set up MFA, instead of App Passwords. 
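The three steps above combined into one script, as an added example rather than code from the original post: it limits the execution-policy change to the current process, changes the setting only when it reads as false, reads the value back, and always closes the remote session. It assumes the remote session endpoint shown in the post is still reachable for your tenant.

```powershell
# Added example: idempotent check-and-enable of OAuth 2.0 for the tenant.
# Uses the same connection method and cmdlets as the post.

# Allow the imported session module to load, for this PowerShell process only,
# instead of changing the machine-wide execution policy.
Set-ExecutionPolicy RemoteSigned -Scope Process -Force

$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange `
    -ConnectionUri https://outlook.office365.com/powershell-liveid/ `
    -Credential $UserCredential -Authentication Basic -AllowRedirection `
    -ErrorAction Stop   # stop here if the sign-in or connection fails

try {
    Import-PSSession $Session -DisableNameChecking | Out-Null

    # Read the current value before touching anything.
    $before = (Get-OrganizationConfig).OAuth2ClientProfileEnabled
    Write-Output "OAuth2ClientProfileEnabled before: $before"

    if (-not $before) {
        Set-OrganizationConfig -OAuth2ClientProfileEnabled $true

        # Read the value back so the change is confirmed, not assumed.
        $after = (Get-OrganizationConfig).OAuth2ClientProfileEnabled
        Write-Output "OAuth2ClientProfileEnabled after:  $after"
        if (-not $after) {
            Write-Warning 'Setting did not read back as True; re-check before enabling MFA for users.'
        }
    }
    else {
        Write-Output 'OAuth 2.0 is already enabled; no change made.'
    }
}
finally {
    # Always tear down the session so the authenticated connection is not left open.
    Remove-PSSession $Session
}
```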

But what if I have users already set up? 

OAuth 2.0 is the default method to connect via MFA for Outlook 2016. Thus, once the change propagates, the next time a user closes and reopens Outlook, it should prompt them for their MFA credentials.

For iOS on the other hand, it is not as clean. As of iOS 12, the easiest method to force it to use OAuth 2.0 instead of an App Password is to delete and re-add the Exchange account.

About: Adam


3 thoughts on “Office 365 – MFA with Outlook and/or iOS Mail not working?”

  1. Hi, I just want to say that this post saved my life during a deployment and hours and hours of troubleshooting and headache.

  2. An outstanding share! I’ve just forwarded this onto a co-worker who has been conducting a little homework on this. And he actually bought me dinner because I stumbled upon it for him… lol. So let me reword this…. Thanks for the meal!! But yeah, thanks for spending time to talk about this issue here on your web site.

  3. I just went through this process and it also seemed to me we would need to use the App, which is not the case.

    Also, my Outlook client kept “Not Responding” until I ran your commands above.

    So, thank you.
