Problem

When users try to authenticate a non-browser app to a Microsoft cloud service such as Microsoft 365, Microsoft Azure, or Microsoft Intune from a specific client computer, one or more of the following issues occur:

  • Admins can't authenticate to the cloud service by using the following management tools: - Microsoft Azure Active Directory Sync Tool (on the directory synchronization server) - Microsoft Azure Active Directory Module for Windows PowerShell (on a computer on which it is installed)  

  • Users can't authenticate to the cloud service by using the following rich client applications: - Microsoft Outlook - Microsoft Lync 2010 - Microsoft Office Professional Plus - Microsoft Office applications

When users try to access the cloud service portal by using a web browser from the same computer, the users may experience one of the following symptoms:

  • Internet Explorer can't display the webpage.

  • The user is prompted for credentials before the webpage loads.

Users don't experience these symptoms when they access the cloud service from other computers by using the same user account info. Users can successfully access the cloud service from other computers.

Cause

Usually, this issue occurs on a specific client computer or on a group of client computers. This issue may occur for all client computers only if no computers at the company are set up for the cloud service. Non-browser app authentication may not be fully functional if cloud service client settings aren't implemented correctly.

The following client computer scenarios may cause this issue:

  • Network connectivity to the cloud service is limited.

  • The firewall, proxy servers, or both require local authentication.

  • Prerequisites of the non-browser app aren't met.

  • An old version of the Microsoft Online Services Sign In Assistant is installed.

  • The non-browser app isn't set up for the cloud service.

Before you continue to troubleshoot this issue, ensure that all the following conditions are true:

Solution

Tip: To diagnose and automatically fix several common Office sign-in issues, you can download and run the Microsoft Support and Recovery Assistant.

To troubleshoot this issue, use one or more of the following methods, depending on the likely cause of the issue.

Resolution 1: Network connectivity is limited

Use a browser and try to access http://www.msn.com. If you can't access this website, troubleshoot network connectivity issues.

  1. At a command prompt, use the ipconfig and ping tools to troubleshoot IP connectivity. For more information about how to do this, see the following Microsoft Knowledge Base article:     How to troubleshoot basic TCP/IP problems

  2. At a command prompt, run nslookup www.msn.com to determine whether DNS is resolving Internet server names.

  3. Ensure that the proxy server settings in Internet Options reflect the appropriate proxy server, if a proxy server is used in the local network.

  4. If a Forefront Threat Management Gateway (TMG) firewall is installed on the boundary of the network and the firewall requires client authentication, you might have to install and configure the Forefront TMG client program on the client device for Internet access. Contact your cloud service admin for help.

Resolution 2: Firewall or proxy servers require additional authentication

To resolve this issue, configure an exception for Microsoft 365 URLs and applications from the authentication proxy. For example, if you're running Microsoft Internet Security and Acceleration Server (ISA) 2006, create an "allow" rule that meets the following criteria:

  • Allow outbound connections to the following destination: *.microsoftonline.com

  • Allow outbound connections to the following destination: *.microsoftonline-p.com

  • Allow outbound connections to the following destination: *.sharepoint.com

  • Allow outbound connections to the following destination: *.outlook.com

  • Allow outbound connections to the following destination: *.lync.com

  • Allow outbound connections to the following destination: osub.microsoft.com

  • Ports 80/443

  • Protocols TCP and HTTPS

  • Rule must apply to all users.

  • HTTPS/SSL time-out set to 8 hours

Resolution 3: Prerequisites of the non-browser app aren't met, or the Microsoft Online Services Sign In Assistant is out of date

If certain operating systems or non-browser apps aren't updated with the appropriate prerequisites, they may be unable to access the intended services. Make sure that the computer and the applications meet the system requirements for the cloud service. For more info about Microsoft 365 system requirements, click here:

    Microsoft 365 system requirements

The easiest way to ensure that your computer is updated appropriately for Microsoft 365 is to run the Microsoft 365 Desktop Setup Tool. Follow these steps to install it:

  1. In a web browser, browse to https://portal.office.com, sign in, and then click Downloads in the right pane.

  2. Scroll to the bottom of the page. Under Set up and configure your Office desktop apps, click Setup, and then confirm when you're prompted to run the Microsoft 365 Desktop Setup Tool.

Or, you can download and manually install the required updates and packages from the following Microsoft website:

   Manually install Microsoft 365 desktop updates

Resolution 4: The non-browser app isn't set up for the cloud service

If profiles haven't been created for some non-browser apps, those applications will be unable to correctly access the intended services.

The easiest way to ensure that your computer is updated appropriately for Microsoft 365 is to run the Microsoft 365 Desktop Setup Tool. Follow these steps to install it:

  1. In a web browser, browse to https://portal.office.com, sign in, and then click Downloads in the right pane.

  2. Scroll to the bottom of the page. Under Set up and configure your Office desktop apps, click Setup, and then confirm when you're prompted to run the Microsoft 365 Desktop Setup Tool.

Or, you can download and manually install the required updates and packages from the following Microsoft website:

   Manually install Microsoft 365 desktop updates

Or, you can manually set up application profiles.

Resolution 5: Can’t sign in by using Office 2016 or Office 2013 with modern authentication on Surface Pro 3

This issue was fixed in Windows 10 version 1511. To resolve this issue, install all cumulative updates for Windows 10 from Windows Update. Or—minimally—install the cumulative update for Windows 10:

    Cumulative update for Windows 10 Version 1511: November 10, 2015

If you can't install the update, follow these steps.IMPORTANT: Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, follow these steps to back up the registry for restoration in case problems occur.

  1. In Windows 10, in the search box on the task bar, type regedit, and then press Enter to open Registry Editor.

  2. Do one of the following, depending on the version of Office that you're running:

  • If you have Office 2016, delete the following registry key:     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Identity\Identities

  • If you have Office 2013, delete the following registry key:     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Common\Identity\Identities

More Information

For more info about issues with specific non-browser apps, see the following Microsoft Knowledge Base articles:

Still need help? Go to Microsoft Community or the Azure Active Directory Forums website.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.