[Office365] Outlook keeps asking for credentials, network-style

Please note that the solution below might not apply to your situation, as there are a multitude of reasons why Outlook might keep prompting you for credentials. But I’ve found the following to work for to separate organizations now so I though it would be worth sharing.

The issue is caused by Microsoft rolling out new policies which require the use of two factor authentication. But at the same time, your Exchange tenant is not set-up to allow the modern-style authentication. This throws users into an authentication loop which they cannot get out of without changing the Exchange configuration. So what do you need to do?

This setting affects the ability to use the modern OAuth authentication pop-up (the one you know from the browser with the nice background) instead of the old-fashioned network-style login. And when using two-factor authentication, the modern pop-up is the only one which is compatible.

I found that after enabling the setting it’s sometimes necessary to close Outlook and reopen it for the prompt to appear. In rare cases we needed to remove the account and re-add it to Outlook. But from that point on things usually started to work.

Oh, and when you’re at it; enforce multi-factor authentication! Most users are used to it by now from consumer products / applications and it really boosts your level of security by a lot. Hope this helps!

[Office365] Can’t add a new account to Outlook

I helped out a colleague today with this little hack. On a new laptop he installed Outlook, but couldn’t get his Office365 account to work. No matter how often he tried adding a new account, Outlook would spend a few seconds “connecting…” and then came back with “Cannot connect” and some useful tips like “Is this your account” (right, thanks). Important thing to note: Outlook did not re-request any credentials for new attempts… hmmm…


So what’s the trick?

  • Make sure that Outlook is completely closed.
  • Open up Credential Manager, which you can find using the search bar or through Control Panel > User Accounts
  • Click the “Windows Credentials” option
  • Now within that list, find all options related to Outlook, Office365 or Azure AD. Delete them.
  • Don’t worry about deleting too much. You might be prompted to login to certain stuff again, as long as you can do that: you’re good.
  • Now open up Outlook and try again… it might just work now 😉


If this did work, here’s what might have happened:

  • The credential box shown is a network-credential style dialog, in which most users type their account + password
  • If your organisation is using multi factor authentication, this might not work. You need to enter an app password instead, which you can get here: https://account.activedirectory.windowsazure.com/AppPasswords.aspx
  • But in this case, the user password was being stored in the Windows Credentials manager, which was causing Outlook to retry that same password over and over again even though it did not work.
  • Clearing the stored credential will reprompt for a new one, and now you can enter the correct app password and things will be glorious again.


I’m not entirely sure when Outlook chooses to show that network style dialog, I’m pretty sure that newer versions (which this was) can also cope with Azure AD authentication and multi factor logins. Maybe not, who knows. At least the above helped him and if it doesn’t work for you: keep on searching, the answer is bound to be out there somewhere! (or just contact support…)

[O365] Synced security group member without permissions in SharePoint

Had a strange thing happen at my client yesterday. We were working on an Office365 set-up and had created some AD security groups in order to have reusable permission groups across a bunch of SharePoint site collections. We missed one person in the org due to which she was not able to access a site she was supposed to have permissions to. So we added here, but still she couldn’t access the site… weird…

TL/DR version: rebooting the machine fixed the problem. If your first response is: “huh?”, read on…

Read More

[SPO] Creating a ‘modern’ homepage on an old team site

If you’re an Office365 user, you will probably have noticed by now that the new look & feel dubbed ‘modern’ (which is a stupid name, but aight…) is slowly but steadily making it’s way into more and more parts of the overall experience. I like the modern look. It’s crispy fresh, more in-line with modern UI’s like Googles Material and Microsofts Metro Modern UI. As an added benefit, the new look should play well with the SharePoint mobile app, bringing responsive design to the table so pages remain usable on mobile devices.

But what about legacy sites?

Read More

[O365] Deploying a SharePoint theme / branding using JavaScript only

With provider hosted add-ins being introduced in SharePoint 2013, the world of SharePoint devs shifted to using provisioning schemes to get their stuff in SharePoint sites. And this worked, quite well i might add. You might have read my post on SPMeta2 vs PnP (which is a bit outdated I must add). These provisioning engines allow your to provision “stuff” (files, folders, lists, contenttypes, whatever) to SharePoint. Amongst other things, they have one thing in common: they’re built on top of the CSOM (Client Side Object Model) C# SDK. This means that you are forced to run them as a stand-alone task, or deploy a provider hosted app which includes having a server up and running somewhere. So what if you do not want that?  Read More

SP2010: Delegate control for GlobalSiteLink3 not working / showing

I spent quite some time today on a question I was asked. In an existing solution, we added a custom action (button) to the standard menu (the dropdown menu on your account name in the right upper corner of a site). This button was a “Add site to favorites” custom solution. The request was: can we move that button to the same place the default “I Like it” and “Tags & Notes” buttons are? I didn’t think that this would be such a problem. But I was wrong due to my good friend: the Sandbox. Read More