A widespread problem is when Outlook keeps asking for the user credentials, even if the correct password is specified. After starting Outlook successfully connects to the on-premises Exchange server (or Microsoft 366/Office 365 mailbox), the user sees a list of folders in the mailbox and new emails in the Inbox folder. But after a few minutes, a window appears for entering the user name and password. The user enters the password and presses OK, but the window with the prompt to enter the credentials appears again and again. By clicking the “Cancel” button, the user can continue to work with Outlook, and after a while, the password request window pops up again (sometimes the user account may be locked). The problem occurs in different versions of Outlook (2019/2016/365) and Windows (there was a problem in both Windows 7/8.1 and Windows 10/11).
When such a problem occurs, HelpDesk team members usually try to re-create the mail profile and/or repair/re-install Office. But this usually does not help. Outlook still requires the user to enter a password at some interval.
Let’s take a look at a few tips to help you get rid of the annoying password prompt in Outlook.
- Check that the user enters the correct password and the user has not forgotten it 🙂 ;
- Specify the user’s full login in the UserPrincipalName format (
- Also, try to connect to your mailbox through the web interface (OWA) and sign in. Perhaps the problem is that the user password has expired (the password has expired according to the domain password policy settings) and must be changed.
Clearing Cached Credentials for Outlook on Windows
Check if you have Outlook saved credentials (passwords) stored in Windows Credential Manager, try to remove them all. To do this, go to Control Panel\All Control Panel Items\User Accounts\Manage your credential -> Windows Credentials. Find the saved passwords for Outlook/Office in the Generic Credentials list and remove them.
To directly access Credential Manager, run the command:
Disable the “Always Prompt for Credentials” Option in Outlook
Open your Outlook Account Settings (File -> Account Settings -> Account Settings), double click on your Exchange account. Go to More settings -> select Security tab. Clear the checkbox Always prompt for credentials in the User identification section. In this case, Outlook will first try to use the cached credentials to access the mailbox.
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Outlook\Security Type: Reg_Dword Name: PromptForCredentials Value:0
Prevent internet connection in the Office Trust Center settings:
- In Outlook, select File -> Options –> Trust Center-> Trust Center Settings;
- Go to the Privacy Options;
- Uncheck the option Let Office connect to online services from Microsoft to provide functionality that’s relevant to your usage and preferences. In Outlook 2013, this option is called Allow Office to connect to the Internet;https://docs.microsoft.com/en-us/outlook/troubleshoot/authentication/password-prompt-at-every-start-or-cannot-create-profile
- If you are using GPO administrative templates for MS Office, this setting can be configured with the policy parameter Online Content Options = Do not allow Office to Connect to the Internet under the following GPO section: Administrative Templates -> Microsoft Office 2016 -> Tools | Options | General | Service Options -> Online Content.
If you have a Microsoft 365 (Office 365) mailbox connected in Outlook, this tab should have an additional field Logon network security. Make sure Anonymous Authentication is not selected here.
Disable Office 365 Autodiscover in Outlook
Somewhere in the fall of 2016, an update was released for Outlook 2016 that enabled a mandatory check of the connection endpoint in the Microsoft 365 (Office 365) cloud. You can verify this by using the Fiddler or TCPView tools to monitor the attempts to connect to the autodiscover-s.outlook.com and outlook.office365.com servers.
If you are using a non-Office365 mailbox or an on-premises Exchange mailbox, Outlook will try to detect detecting your Microsoft account even though the Autodiscover is not pointed to Microsoft 365.
You can disable this check for an on-premise Exchange Server. Go to the registry key HKEY_CURRENT_USER\Software \Microsoft\Office\16.0\Outlook\AutoDiscover and create a new DWORD parameter named ExcludeExplicitO365Endpoint and value 1. Restart Outlook.
You can make changes to the registry with the following command:
reg add HKEY_CURRENT_USER\Software\Microsoft\Office\x.0\Outlook\AutoDiscover /t REG_DWORD /v ExcludeExplicitO365Endpoint /d 1
Or, using the PowerShell cmdlet Set-ItemProperty:
Set-ItemProperty -Path "HKCU:\Software\Microsoft\Office\16.0\Outlook\AutoDiscover" -Name 'ExcludeExplicitO365Endpoint' -Value 1 -Type DWORD –Force
The ExcludeExplicitO365Endpoint registry parameter is applicable to Outlook 2016 and 2019 (this key is in addition to the list of keys that determine how Autodiscover is performed when Outlook starts).
Outlook Prompts for Password After Migrating to Microsoft 365 (EOL)
If your mailbox has been migrated from on-premises Exchange to Microsoft 365 or you have two mailboxes connected in Outlook (one from the on-premises Exchange, the second from Microsoft 365/Exchange Online) and you use an RPC connection. In this case, Outlook doesn’t use Modern Authentication (also used for MFA). In this case, your credentials are sent to Office 356 instead of a token. To force Outlook to use Modern Authentication for RPC connections, you need to add the AlwaysUseMSOAuthForAutoDiscover DWORD parameter with the value 1 to the registry key HKCU\Software\Microsoft\Exchange.
Set-ItemProperty -Path " HKCU:\Software\Microsoft\Exchange" -Name 'AlwaysUseMSOAuthForAutoDiscover' -Value 1 -Type DWORD -Force
Make sure Modern Authentication is enabled for your account in the Microsoft 365 Admin Center (Settings -> Services & add-ins).
Suppose on the contrary you want to completely disable Modern Authentication in Outlook 2016/2019/365 (this authentication method should be disabled in the Admin Center) and use basic authentication. In that case, you need to configure the following registry settings:
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Office\16.0\Common\Identity" -Name EnableAdal -Value 0 -Type DWORD –Force
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Office\16.0\Common\Identity" -Name DisableADALatopWAMOverride -Value 1 -Type DWORD –Force
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Office\16.0\Common\Identity" -Name DisableAADWAM -Value 1 -Type DWORD –Force
If that doesn’t work, you might have two different Microsoft 365 accounts configured in the Identity registry key. In this scenario, you may receive an error message when you open an Office 365 app: Sorry, another account from your organization is already signed in on this computer.
To fix the problem:
- Log out of your Microsoft account in the Office apps (File ->Account -> Sign Out);
- Clear saved password for
MicrosoftOfficeXXData:XXXin Windows Credential Manager;
- Remove the following registry key HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\Identities (in Office 2016/2019 and Office 365);
- Restart your computer and try to reconfigure your mailbox connection in Outlook.If you see the warning The name cannot be matched to a name in the address list when you configure your mailbox in Outlook, make sure that your account is not hidden in the Exchange address list.
Re-create Your Outlook Mail Profile
If all of these methods above did not help you get rid of the problem, try to delete and recreate your Outlook profile. You can create a new Outlook profile using the Mail icon in the Control Panel or using the
outlook.exe /manageprofiles command.
If nothing helped:
- Problems connecting to your mailbox may be caused by your antivirus/firewall rules. Try temporarily disabling it and check if Outlook continues to ask for a password;
- Poor and unstable network connectivity to the Exchange server and/or domain controller can also be a source of periodic password requests in Outlook. You can test the network performance with the iperf tool;
- If your Outlook is configured to access the Exchange mailbox using Outlook Anywhere (MAPI over HTTP), make sure you have NTLM enabled. At the same time, you need to check the authentication type used for the IIS site on the Exchange server.
If the computer with a problem Outlook is not joined to the Active Directory domain, then, on the contrary, you should try to switch from NTLM authentication to Basic.
- Also, check the computer time, it should not differ from the time on the domain controller for more than 5 minutes. If more, check the NTP time synchronization in your domain;
- Uninstall all previous versions of Microsoft Office on your computer, reinstall Outlook (you can install only specific MS Office applications using the Microsoft Office Deployment Tool), and configure a connection to your mailbox.