Symptoms

If you type an incorrect set of credentials, and then cancel a password prompt, Outlook may continue to send requests with the incorrect set of credentials. This could cause an account lockout.

Resolution

To fix this issue, install the April 2, 2019, update for Outlook 2016 (KB4464502).

After the update is applied, Outlook 2016 no longer sends requests during Need Password by default.

More information

With the June 4, 2019, update for Outlook 2016 (KB4464585), the default behavior is changed to enable Outlook 2016 to send requests during Need Password. If you need to revert to the previous behavior, set the value of the AllowRequestsInNeedPasswordBehavior registry key to 0.

Registry key

Location: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Security

Value Name: AllowRequestsInNeedPasswordBehavior

Type: DWORD

Values: 

The default value is 3. Any value greater than 2 allows both legacy and MAPI/HTTP providers to send requests during Need Password. This could lead to an account lockout if an incorrect password is supplied.

If the value of the registry key is set to 0, neither legacy nor MAPI/HTTP providers can send requests during Need Password.

If the value of the registry key is set to 1, legacy providers can send requests, but MAPI/HTTP providers can't. 

If the value of the registry key is set to 2, legacy providers can't send requests, but MAPI/HTTP can.
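
To check which behavior is in effect for the signed-in user and, if needed, apply the revert described above, the following PowerShell can be used. It is an added example, not Microsoft's code: the function names Get-NeedPasswordBehavior and Set-NeedPasswordBehavior are hypothetical, and a missing value is assumed to mean the default of 3 (that is, KB4464585 or a later update is installed).

```powershell
# Added example, not Microsoft's code. Key path and value name come from this article.
$KeyPath   = 'HKCU:\Software\Microsoft\Office\16.0\Outlook\Security'
$ValueName = 'AllowRequestsInNeedPasswordBehavior'

function Get-NeedPasswordBehavior {
    # Read the raw value for the current user; $null when the key or value is absent.
    $key = Get-Item -Path $KeyPath -ErrorAction SilentlyContinue
    $raw = if ($key) { $key.GetValue($ValueName, $null) } else { $null }

    if ($null -ne $raw -and $key.GetValueKind($ValueName) -ne 'DWord') {
        Write-Warning "$ValueName is not a DWORD; the article defines it as DWORD."
        return
    }

    # Assumption: an absent value means the documented default of 3.
    $value = [uint32]3
    # A DWORD is read as a signed Int32; reinterpret it as unsigned before comparing.
    if ($null -ne $raw) {
        $value = [BitConverter]::ToUInt32([BitConverter]::GetBytes([int32]$raw), 0)
    }

    # 0 = neither, 1 = legacy only, 2 = MAPI/HTTP only, greater than 2 = both.
    [pscustomobject]@{
        Configured      = $null -ne $raw
        Value           = $value
        LegacyCanSend   = ($value -ne 0 -and $value -ne 2)
        MapiHttpCanSend = ($value -ne 0 -and $value -ne 1)
    }
}

function Set-NeedPasswordBehavior {
    [CmdletBinding(SupportsShouldProcess)]
    param([ValidateRange(0, 3)][int]$Value = 0)

    if ($PSCmdlet.ShouldProcess("$KeyPath\$ValueName", "Set DWORD to $Value")) {
        # Create the key only if it is missing: New-Item -Force on an existing
        # registry key would clear the values already stored in it.
        if (-not (Test-Path -Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
        New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord `
            -Value $Value -Force | Out-Null
    }
}

Get-NeedPasswordBehavior
# Set-NeedPasswordBehavior -Value 0 -WhatIf   # preview the revert to the previous behavior
```

Because the key is under HKEY_CURRENT_USER, the check and the change apply only to the account that runs them.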
