Outlook may prompt you to enter your Microsoft Account (Office 365) credentials when you try to create a new mail profile or open a configured mailbox. This happens in all modern Outlook 2021/2019/2016 and Outlook Microsoft 365 versions. The fact is that Direct Connect to Office 365 is enabled by default in Outlook. This feature is designed to simplify and speed up the process of connecting to a mailbox hosted on Microsoft 365 (Exchange Online).
Even if you’ve configured Outlook to connect to a mailbox on your on-premises Exchange Server or another non-Microsoft e-mail service (such as Gmail), Outlook will constantly check for a connection to the Office 365 endpoint and display the annoying Modern Authentication prompt for Microsoft Account credentials. Also, if you are using Exchange or a non-Microsoft mailbox service, you may have problems sending and receiving e-mails.
A few years ago, Microsoft rolled out updates to all versions of Outlook (starting with Outlook 2016 Click2Run version), that prioritized autodiscovery requests to Office 365 over all other autodiscovery methods.
Outlook will attempt to connect to the Microsoft 365 cloud connection point and perform an Office 365 AutoDiscover if:
- The
Autodiscover
is not configured/not available for your domain (or if the AutoDiscover response has not been received for a certain period). Direct Connect is used when other methods of finding your mailbox server have failed (URL and SRV record checks); - The connection between your computer and the mailbox server is unstable or blocked by a firewall;
- You have inactive user accounts in Microsoft 365 with provisioned mailboxes.
If you use Fiddler or TCPView, you can see that Outlook tries to connect to autodiscover-s.outlook.com
and outlook.office365.com
when it starts up.
You need to create two registry parameters to prevent Outlook from checking the Office 365 connection point:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\office\16.0\outlook\autodiscover DWORD: ExcludeExplicitO365Endpoint Value = 1
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\office\16.0\outlook\autodiscover DWORD: ExcludeExplicitO365Endpoint Value = 1
You can create these registry settings manually, or use the commands below:
reg add HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover /t REG_DWORD /v ExcludeExplicitO365Endpoint /d 1
reg add HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\office\16.0\outlook\autodiscover /t REG_DWORD /v ExcludeExplicitO365Endpoint /d 1
Restart Outlook and make sure that the Microsoft Account login prompt is no longer displayed.
rundll32.exe keymgr.dll,KRShowKeyMgr
In an Active Directory domain, you can enable this registry setting by using the GPO:
- Install the Group Policy administrative templates (ADMX) for Microsoft Office (https://www.microsoft.com/en-us/download/details.aspx?id=49030);
- Create a new GPO in the Group Policy Management console (
gpmc.msc
) and assign it to an OU with users; - Navigate to User Configuration -> Administrative Templates -> Microsoft Outlook 2016 -> Account Settings -> Exchange;
- Enable the Disable AutoDiscover Group Policy setting and check the box next to Exclude initial check to Office 365 Autodiscover URL;
- Check to see if Outlook keeps asking you for your Microsoft Account password.
DisableAutodiscoverV2Service=dword:00000001
under HKEY_CURRENT_USER\Software\Policies\Microsoft\office\16.0\outlook\autodiscover.
Thanks a lot, we were fighting for days with this issue!