“Needs Password” shown in lower right side of client
No folders updated
When you click on “Needs Password” M365 sends you a text code. You input it, nothing happens and this loops.
By default, Microsoft Office 365 ProPlus (2016 version) uses Azure Active Directory Authentication Library (ADAL) framework-based authentication. Starting in build 16.0.7967, Office uses Web Account Manager (WAM) for sign-in workflows on Windows builds that are later than 15000 (Windows 10, version 1703, build 15063.138). There are generally two problems we see WAM causing:
Users unable to authenticate (particularly after a password reset)
WAM introduces new requirements for Identity Providers (IdP) used to federate Microsoft 365 (O365) logins. When a Windows 10 workstation is joined to an on-premise Active Directory, WAM/M365 requires the IdP to support the WS-Trust protocol. Currently this is not supported in the Duo Access Gateway (DAG). When a user’s access/refresh tokens become invalid, such as after a password reset, the WAM framework tries to re-authenticate the user. The expected end-user experience is a popup window showing the login page of the IdP asking the user to re-authenticate. When the IdP is the DAG, this process will fail causing the user to be unable to re-connect to M365 with applications such as Microsoft Outlook. The user will see the authentication window open briefly then immediately close while Outlook continues to show the message “Need Password”.