This how-to article also appears in my podcast.
You are facing issues when trying to login to Microsoft 365 apps, such as Outlook 365. Some common symptoms of the issue are the following:
- Unable to sign in: Repeated password prompts, “Credentials Needed”, or “Needs Password” statuses.
- Sign-in window doesn’t show up, is blank, prematurely disappears, or gets stops working.
- Specific errors are displayed in Office apps or the sign-in user interface.
This login and authentication issue has come up to various customers using Microsoft 365 inside an EUC environment, such as Citrix Virtual Apps and Desktops running on Windows Server 2019. The issue does not occur in Windows Server 2016. The issue in this case manifests with the password not being displayed for Offi9ce 365 apps in Citrix VDA servers running Windows Server 2019.
Microsoft does not recommend to disable ADAL or WAM, even though this can resolve the above issues. Instead Microsoft recommends the following course of action.
- Manually sign-out of all accounts in the Office app, then restart the app and sign-in again.
- Reset the Office activation state.
- If you experience device issues, for example, the device is deleted or disabled, follow these recommendations.
- If the investigation suggests that an authentication process is experiencing network or connectivity issues, then these steps will be helpful. Additionally, you can reset Internet Explorer Options, and then try signing into Office again (go to Tools > Internet Options > Advanced > Reset Internet Explorer Settings). After resetting Internet Explorer Settings, you will lose any custom settings.
- In some cases, Microsoft Azure Active Directory, or MSA WAM plugins may be missing on the device that blocks user from signing into Office. Follow the steps in Fix authentication issues in Office applications when you try to connect to an Office 365 service to restore the plugins and avoid removing them in future.
- See Connection issues in sign-in after update to Office 2016 build 16.0.7967 on Windows 10 for information about troubleshooting other commonly occurring sign-in issues.
Background information #
Microsoft 365 apps (for example, Office client apps) use Azure Active Directory Authentication Library (ADAL) framework-based Modern Authentication by default. Starting with build 16.0.7967, Microsoft 365 apps use Web Account Manager (WAM) for sign-in workflows on Windows builds that are later than 15000 (Windows 10, version 1703, build 15063.138).
ADAL enables sign-in features such as Multi-Factor Authentication (MFA), smart card, and certificate-based authentication for Office client apps across different platforms. Furthermore, on Windows devices, some of the security-related features are available exclusively via WAM and are otherwise not possible. Additionally, all future innovations will be implemented on WAM.