[Office365] Can’t add a new account to Outlook

I helped out a colleague today with this little hack. On a new laptop he installed Outlook, but couldn’t get his Office365 account to work. No matter how often he tried adding a new account, Outlook would spend a few seconds “connecting…” and then came back with “Cannot connect” and some useful tips like “Is this your account” (right, thanks). Important thing to note: Outlook did not re-request any credentials for new attempts… hmmm…

 

So what’s the trick?

  • Make sure that Outlook is completely closed.
  • Open up Credential Manager, which you can find using the search bar or through Control Panel > User Accounts
  • Click the “Windows Credentials” option
  • Now within that list, find all options related to Outlook, Office365 or Azure AD. Delete them.
  • Don’t worry about deleting too much. You might be prompted to login to certain stuff again, as long as you can do that: you’re good.
  • Now open up Outlook and try again… it might just work now 😉

 

If this did work, here’s what might have happened:

  • The credential box shown is a network-credential style dialog, in which most users type their account + password
  • If your organisation is using multi factor authentication, this might not work. You need to enter an app password instead, which you can get here: https://account.activedirectory.windowsazure.com/AppPasswords.aspx
  • But in this case, the user password was being stored in the Windows Credentials manager, which was causing Outlook to retry that same password over and over again even though it did not work.
  • Clearing the stored credential will reprompt for a new one, and now you can enter the correct app password and things will be glorious again.

 

I’m not entirely sure when Outlook chooses to show that network style dialog, I’m pretty sure that newer versions (which this was) can also cope with Azure AD authentication and multi factor logins. Maybe not, who knows. At least the above helped him and if it doesn’t work for you: keep on searching, the answer is bound to be out there somewhere! (or just contact support…)

Web API controller hosted in Azure not respecting [AllowAnonymous]

Working on a project, I encountered a situation I couldn’t wrap my head around. The project includes a (rather simple) ASP.NET Web API project which is published to an Azure App Service instance. Up to now, all of the endpoints I was calling I had secured using Azure AD authentication which is a breeze to set-up. But now wanted to make one specific controller available for unauthenticated calls as well. Normally that’s rather simple, you would just add the [AllowAnonymous] attribute to the controller (or specific action) and voila; authentication would not apply to that one. So I did and published this to Azure only to be returned 401 Unauthorized responses. Hmmm.  Read More