We had an Australian client who upgarded from M365 business standard to M365 E5 license, and we have also activated multi-factor authentication for all the users in the tenants. All are working as expected without issues, until we need to setup Windows device for new employee, where “Something went wrong and Outlook couldn’t set up your account” error comes up without even asking for password for an MFA enabled employee. We scratched our head for so long and then decided to turn off MFA for that user, and of course, it solves the issue and the user can login as normal.

While MFA can be re-activated for the user afterward, it is a workaround, not a solution. Searching on the web and the official thread from Microsoft support forum return no good solution for the issue. Most suggest we need to turn on modern authentication – which is the case if using version of Outlook 2016 below – but we don’t think it would be an issue for Outlook 365. Some suggest the autodiscover of the domain was not set properly, but if that’s true, it won’t work even if MFA was turned off.

In summary, the 3 suggested solutions we found does not work in our case, and they are:

1. Make sure you have internet connection, and you are using a public DNS such as Google DNS so the domain is resolved correctly.
2. If you are using Outlook 2013 or older, you need to set registry keys to enable modern authentication.
3. Make sure the DNS record for your domain are correct, especially the CNAME record for autodicover.

The solution that work for us:

Enabling organisation wide setting OAuth2ClientProfileEnabled using Powershell. It a setting only accessible using PowerShell. The setting was false by default, all we need is to set it to true.

See the tutorial below to enable the settings if you face the same issue after MFA enabled.

Solving Outlook 365 error – Something went wrong and Outlook couldn’t set up your account after MFA is enabled on M365 / Azure AD

First, Launch PowerShell as administrator

Then, run the code below

Install-Module ExchangeOnlineManagement
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline
Set-OrganizationConfig -OAuth2ClientProfileEnabled:$true

Explaination:
Install “ExchangeOnlineManagement” PowerShell Module, which provides a set of function to connect to the tenancy and to set the Exchange Online settings. If ever asked to trust the repository, Press [Y]. A login prompt will display once the “Connect-ExchangeOnline” is executed. Log into an account with Global or Exchange Adminstration Priviliege. the last command will enable the OAuth2ClientProfileEnabled settings, which the Outlook client can use to carry out MFA authentication.

Need some professional help?

If you ever need assistance with deployment or management of M365 products, Concentric Digital is Microsoft Certified Partner, Microsoft 365 Cloud Service Provider (CSP) and Authorized Surface Device Reseller. We can help your business to adapt to Microsoft Cloud, and improve the productivity of your organisation. From Microsoft Sruface and M365 deployment to mobile device management (MDM), our deployment services ensure the devices will be delivered with only the build and software your workers need and nothing they don’t , and devices are built in accordance with your security policies and industry best practices. Interested? Contact Concentric Digital for obligation free consultation.

Face the same Outlook 365 authetication issue with MFA enabled, but has another solution instead? Let us know by leaving us a comment.