![outlook identity registry key outlook identity registry key](https://1.bp.blogspot.com/-9VG6RoMD5gA/XbbyAmIGrzI/AAAAAAABBAQ/kv54MQD81fsCrnYhMsRjjtius_KMw_EywCLcBGAsYHQ/s320/dJUGIusmh7.png)
Nevertheless, I am posting it here in case it works for you. Unfortunately, I have never had any luck with this solution. One solution Microsoft provided was to add a registry key to Outlook, which would force it to use modern authentication for autodiscover. Once saved security defaults will be enabled and basic authentication will be blocked. Once you have migrated all mailboxes, repeat these steps but select Yes. From the Enable Security Defaults pop-out, toggle the Enable Security Defaults setting to No. From the left navigation, select Properties.Ĭlick the link Manage Security Defaults. Should you want to disable the security defaults in your tenant log, into the Azure Portal (). This is significantly better than reducing the security posture of your tenant. For this scenario I highly recommend switching all mailboxes to MAPI over HTTP before migrating to Exchange Online. This means all Outlook clients, regardless of version, are using RPC over HTTP.
![outlook identity registry key outlook identity registry key](https://i.stack.imgur.com/5qMgM.png)
Your mailboxes are hosted on Exchange 2013 and newer, and you have not enabled MAPI over HTTP.This means all Outlook clients, regardless of version, are using RPC over HTTP, and by extension, will try to make an initial connection to Exchange Online with basic auth and fail. Exchange 2010 only supports RPC over HTTP. Your mailboxes are hosted on Exchange 2010, which does not support MAPI over HTTP.One possible workaround, which will temporarily lower the security posture of your tenant (and is not recommended), is to disable the security defaults in the tenant. Workaround: Disable security defaults temporarily (not recommended) This not only improves your security posture prior to October but also gets you prepared for the retiring of basic auth. Tip: While not the focus of this article, I highly recommend working towards disabling basic auth on as many protocols as you can before the October 1st, 2022 deadline. Based on the selections in the screenshots, Outlook clients are still permitted to use basic auth (via either RPC over HTTP or MAPI over HTTP). We can also see which protocols permit clients to use basic auth. The screenshot below shows that modern authentication has been enabled (but it is not enforced). If security defaults have not been enabled in your tenant, the modern authentication pop-out will have configurable options. The screenshot below shows the message that security defaults are enabled, indicating that modern authentication is required and basic auth connections are blocked. The Modern Authentication pop-out will identify if security defaults have been enabled.
![outlook identity registry key outlook identity registry key](http://blog.icewolf.ch/images/blog_icewolf_ch/201607/ADAL_Outlook_03.jpg)
From the Services tab, select Modern Authentication. From the left pane expand Settings and select Org Settings. To determine if security defaults are enabled in your tenant.
Outlook identity registry key how to#
How to check if Security Defaults are enabled (modern authentication is enforced) This article explores how security defaults, which Microsoft has been enabling on all new tenants to block basic auth, could also prevent Outlook clients (leveraging RPC over HTTP) from reconfiguring after migration to Exchange Online. This is due to MAPI over HTTP supporting modern (and basic) authentication. On the other hand, Outlook clients leveraging MAPI over HTTP would reconfigure without incident. This is due to RPC over HTTP not supporting modern authentication. In a previous article, we discussed how a conditional access policy blocking basic authentication prevents Outlook clients (leveraging RPC over HTTP) from reconfiguring after a mailbox migration to Exchange Online.