Solved

Office 365 continual MFA Loop

  • January 19, 2017
  • 14 replies
  • 75 views


We are using Office 2016 with Office 365 and we use modern auth with multi-factor authentication (MFA). When you activate Office you see a mini browser pop open that walks the user through our MFA process.

All of a sudden our users are getting continually prompted for MFA, and each time they go through the process it puts the ADAL credential in the login keychain, MicrosoftOffice15_2_Data.. is the 'kind', so a machine will have multiple copies of this item. The only way to get out of the loop is to clear these keychain items and go through MFA one more time.

We have a case open with Microsoft to determine if this is on them or our identity provider, just curious if anyone else is seeing something similar?

Best answer by jconte

Sorry for the delay. I packaged up the script and put it in our hidden scripts folder, then I set up a policy in Self Service to run from that location with the --All --Force switches. Scoped it to everyone that has Office 2016 installed; even if they find it in Self Service, it doesn't hurt anything to run it even if you aren't broken.

The helpdesk uses it and it has worked 100% so far.

Thanks
Jeff

14 replies

  • New Contributor
  • January 19, 2017

It's a known issue with no fix yet. M$ will have to patch this at some point to fix it. The only fix is what you are doing now or a complete wipe and reinstall.


  • Author
  • Valued Contributor
  • January 19, 2017

@gatech-comm do you have any other details on the issue, when it started etc? We were stable up until about 10 days ago when we started seeing the issue. On Windows machines we started seeing it a couple of weeks ago...

Doesn't seem to affect everyone but a significant number..


tdclark
  • Contributor
  • January 19, 2017

We are seeing this as well. What we've found is that if you do the keychain stuff from this link

Trouble shooting Office for Mac 2016

...the issue gets resolved.


  • New Contributor
  • January 19, 2017

@mapurcel I noticed once the 15.29.xxx updates were released. Prior, on 15.28.x, everything seemed fine. I'm not sure if it's a direct correlation, just when I noticed.


  • Author
  • Valued Contributor
  • January 19, 2017

@gatech-comm thanks, that helps
@tdclark yeah just deleting the ADAL entries works for us, did this problem surface for you recently? Were you able to correlate to a particular version of Office?


tdclark
  • Contributor
  • January 19, 2017

@mapurcel 15.29 is when I started seeing it on my, and on my users', computer(s).


  • Contributor
  • January 20, 2017

We have been seeing the same thing and use Okta for authentication. The loop seems almost exclusive to Outlook 2016 as users aren't receiving prompts in the other Office 2016 apps. As others have suggested here and as Okta suggests, the issue only seems to get resolved when deleting MS ADAL keychain entries. Hopefully there is a more permanent solution soon.


talkingmoose
  • Community Manager
  • January 20, 2017

This issue may be the same one Microsoft has identified and will be fixing. From @pbowden in the #microsoft-office channel on Slack:

yes, the bug has existed for a long time, but the holidays have really exacerbated the problem. The issue typically occurs when a user attempts to auth using Outlook for Mac when their AD password has already expired.

Install the latest Insider Fast 15.31 version of Outlook on a test system and see if the problem persists. This version is supposed to address the issue and is slated for release next month.

In the meantime, Paul's script NukeOffKeychain on GitHub may help.


tdclark
  • Contributor
  • January 20, 2017

My password had not expired, and we don't have expiring passwords here on campus (for the most part). I can confirm this morning that the problem still exists in 15.30 as I had to go through the keychain delete "stuff" process first thing.

Hopefully 15.31 fixes it.


  • Author
  • Valued Contributor
  • January 20, 2017

@talkingmoose that issue sounds a little different; in our environment it's definitely not related to expired passwords. Also interesting to note that the same problem exists on Windows, which makes it a big issue in our company. We're testing a Windows Office update that may fix it...


jconte
  • Valued Contributor
  • January 23, 2017

We were having the same issue; thankfully Paul Bowden from Microsoft posted this on his GitHub.

https://github.com/pbowden-msft/NukeOffKeychain

Slack is a great place to have your Microsoft Office issues addressed.

We put this in Self Service, and when a user calls we have them run it and their problem is resolved. This issue is supposed to be resolved in February, but at least we have a workaround.

Jeff


  • Author
  • Valued Contributor
  • January 23, 2017

@jconte thanks! How did you deploy the NukeOffKeychain through Self Service?


jconte
  • Valued Contributor
  • Answer
  • January 25, 2017

Sorry for the delay. I packaged up the script and put it in our hidden scripts folder, then I set up a policy in Self Service to run from that location with the --All --Force switches. Scoped it to everyone that has Office 2016 installed; even if they find it in Self Service, it doesn't hurt anything to run it even if you aren't broken.

The helpdesk uses it and it has worked 100% so far.

Thanks
Jeff


  • Author
  • Valued Contributor
  • January 25, 2017

@jconte thanks, working great!
@talkingmoose thanks much for the link to the discussion on Slack. Although in our environment I don't think it's caused by expired AD passwords, it does appear that we are all dealing with basically the same bug.