Solution for adding Microsoft 365 to Outlook


This blog post was published on Thursday 9 July 2020.

I’ve been seriously struggling with a fairly major problem. I have Microsoft 365, and I haven’t been able to add an email account to Outlook on my PC for a couple of years now - since I enforced Multi-Factor Authentication (MFA). Every time I try it fails, telling me rather unhelpfully, ‘something went wrong’. Thanks, Microsoft. Your own email system, your own email app... and that’s the best you can do?

Anyway, I tried with multiple accounts. I tried using app passwords (getting stuck in a constant authentication loop ‘please enter your password’). I tried using Mail in Control Panel. I tried using the troubleshooter - which even had the temerity to tell it had succeeded - when I opened Outlook? Authentication loop. Most recently I even tried registering my PC to the organisation - none of it worked! (I will add: it works fine on the Mail app, Outlook for iOS, and on my Mac...)

I finally managed to work out a solution - hopefully this will help someone wlese!

1. Registry Settings

Before you do anything you need to check some registry settings, to make sure the MFA PowerShell connector for Exchange will install.

Open regedit.exe and navigate to the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft.NETFramework\Security\TrustManager\PromptingLevel

All my values were set to ‘Disabled’, but what you’re looking for are settings like these (if you are unsure about security implications, I suggest you leave them all as ‘disabled’):

2. Exchange PowerShell Module for MFA

Now log in to your Microsoft 365 tenant and go to the Exchange admin centre: https://outlook.office365.com/ecp. The trick here is that you need to use Internet Explorer or Edge. Click on ‘Hybrid’, which takes you to the Setup page. You want the second option to configure your PowerShell to use Exchange MFA:

After you click ‘configure’ it will download a ClickOnce application which will add the required modules. You need to install this - once done it should open a PowerShell window. (This is why you need IE / Edge: if you use another browser you may find - as I did - that you simply download a ClickOnce application that then doesn’t run!)

3. Connect Exchange Online PS Session

If PowerShell does not open immediately, you can run the shell from the Start Menu:

If it’s not there, the module has not been installed correctly so you’ll need to try step 2 again. Once it’s correctly open, you should see a message like this:

Once you have the PowerShell window open, execute the following command:

Connect-EXOPSSession -UserPrincipalName <insert your account here>

This will open the normal MFA login screens - once you’ve signed in the shell will have the credential it needs.

4. Enable Client Profile

Next comes the key command that solves the problem: it enables ‘modern authentication’ for client connections in Outlook 2013 and later. For more information on this, see Microsoft’s documentation here.

Set-OrganizationConfig -OAuth2ClientProfileEnabled $true

To verify that the command has worked, run the following:

Get-OrganizationConfig | Format-Table Name,OAuth* -Auto

If you see that the client profile is set to ‘True’, you should be good to go! Hopefully you will find, as I did, that now when you add your account to Outlook, it all sails through without a problem.

Good luck!