I have encountered some people who have constant problems logging into Microsoft/Office 365. Most often it’s been a user misunderstanding, which means they enter panic mode and start clicking and resetting passwords in a desperate attempt to get the prompts to go away. No one should have to go through that type of frustration and aggravation. The biggest problem that I see with Microsoft 365 login is that the user has gotten confused as to what password they should be using. Maybe they have a corporate login for Microsoft 365. But it says Microsoft account when the login screen comes up, so they enter their personal login. Then they go back and forth entering corporate in the personal spaces and personal in the corporate spaces hoping for the best. At some point they give up and change their password. Now their phone is having login trouble too. Sound familiar? In this article I’m going to highlight some of the scenarios that cause login issues and offer a few solutions and troubleshooting tips.
Clear the saved Windows Credentials
If you’ve had a situation where passwords have changed in rapid succession or users have entered the wrong password in the wrong place repeatedly then it’s entirely possible that by now the saved Windows Credentials are confused too. The best thing to do it delete them. Next time you log in, it will cache them again for you.
To do this, open Credential Manager from Control Panel by just typing the word Credential after hitting the Windows key. Notice everything that references Microsoft online, and all those “msteams” items, too. There’s a bunch of them. Delete them all.
Confusion of personal and corporate IDs
There’s no great way to stop the confusion here. But something that can help is to make sure that you have customized the Microsoft 365 login screen. That way when they type in their credentials they will have a visual indicator that it’s the business that they are logging into. And on a security note, they’ll know that they aren’t logging into a spoofed page too.
To customize your login page, you need to be a subscriber to one of the more advanced suites. If you are, then go into the Azure management console and select Branding. You can add some verbiage, logo, and picture that will let employees know they are in the right place and need to enter their business password.
Noticing the ‘Need Password’ notice in Outlook
Very often when we get a call that someone didn’t receive an email it’s actually because Outlook is offline and requesting a password. But the password request is so subtle that they never noticed.
The solution to this is to train the users to glance at this bottom right corner of Outlook from time to time. They should then click it and enter their corporate credentials if it ever says Need Password.
Wipe out app passwords. Then eliminate app passwords
For a long time, Outlook required an app password because it didn’t understand multi-factor authentication. Those days are long gone but if you were an early adopter of Microsoft/Office 365 then Outlook might not be enabled for modern authentication. Which means that after you’ve enabled MFA, Outlook will start repeatedly prompting for credentials. Many IT people then created an app password for Outlook to use. But it’s time to get rid of that. Modern authentication is safer and won’t go corrupt on you as an app password might.
Use the Microsoft/Office admin portal to wipe the app password. Then open PowerShell connect to your Microsoft 365 tenant and use this cmdlet to enable Outlook for modern authentication:
Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
It’s possible that login prompts are an indication of corruption in the application. The best course of action to repair Office. Gone are the days where this is an hours-long process. It can now be done in just a few minutes.
There are two options for repair. There’s quick repair, which I’ve never had success with and Online Repair, which I’ve always had success with. Your results may vary, but I always use Online Repair now. To find the repair tools go to Apps & Features, scroll down Microsoft Office, and click the modify button. Once you give your approval you’ll get the repair options dialog.
Use the Troubleshooting Tool
Last but far from least, there’s the Microsoft Support and Recovery Assistant for Office 365. Microsoft designed this tool to eliminate calls into its support center and it does a great job at it. It will analyze every function of your Office 365 environment and make the necessary changes to get things working again.
Download this tool from Microsoft. The tool resolves a range of problems which are listed below. When you launch the tool you’ll be asked to pick the issue that applies most closely to what you are experiencing. Because this tool is very thorough expect it to take 15-20 minutes to run, sometimes even longer.
Preempt Microsoft 365 login problems
We can also look at preempting problems by implementing ways to reduce the use of passwords at all. First we need to admit that no one loves managing passwords. They are easy to forget and often lead to confusion. While we can’t yet eliminate passwords, we can move toward this ultimate goal and do so while enhancing security.
- Use branding to help clarify to the user that they are to enter their corporate credentials. I mentioned this one above. Not only does it cue them to enter the correct password but it also adds to security by letting them know that they are in the right place and not on some spoofed page.
- Implement MFA and nonexpiring passwords. MFA is free in all Microsoft 365 accounts now so there’s no excuse for not using it and once you do go ahead and make passwords never expire. The recommended solution is to tie it to the Authenticator App, which can then also be used for all of their MFA needs across most SAAS apps. I use it for Slack, Facebook, WordPress, Amazon, QuickBooks, and about a dozen others applications too. The Authenticator App is available in all of the mobile app stores. Now when they are prompted for login, your users will not need their password and can just accept the “Allow” prompt on their phone.
- Workplace Join with the PC to simplify login. You can use this feature even if the computer is joined to a domain. Windows 10 has the ability to do both at the same time. The advantage is that they’ll be able to login automatically since the device will be trusted as part of the join. Further if they have a device whose camera meets the standard necessary for Windows Hello, they can use their face to login or if not, implement Windows Hello anyway and have their use the PIN with MFA. The PIN is actually safer than the password because the PIN keeps the password safely in the credential store.
- In the future use password-less login. It’s coming. MFA and Windows Hello are a step in that direction. Very shortly we’ll be using FIDO2 based USB devices or some other fob to login and passwords will be a thing of the past.
Passwords have been around for centuries and people have been losing them for that long too. Even the Romans used encryption to try to protect their passwords. Both passwords and password encryption have outlived their function but in the meantime I hope that these troubleshooting suggestions for your Microsoft 365 login problems will help your users get back to work.
Make your IT business better than the competition. Help for IT Pros, TechYourBooks, Super Secret News, Women in IT Scholarship program, Ransomware Prevention Kit, 365 Security kit and more. https://www.thirdtier.net