Been reading a lot of concerns about Outlook login prompts on Reddit, and I’m here to give my solution to this issue. Feel free to share this with anyone who experiences this 🙂
Token issuer type: Azure AD
Resource: Office 365 Exchange Online
Failure reason: Device Authentication Required. This could occur because the DeviceId or DeviceAltSecId claims are null, or if no device corresponding to the device identifier exists.
The following image shows a Sign-In that is interrupted with Sign-in error code 50097.
This begins when you switch to Exchange Online with Modern Authentication and the Outlook app.
When the user logs in, a token is issued to the device. This token gets dropped after 1 hour or so, and the user needs to re-authenticate to request a new token, because Azure AD does not know the device and has to get to know you first.
Gimme the fix right now
To solve our issue and get rid of this headache, go ahead and install the Microsoft Authenticator app. The next time the user gets the login prompt, the Authenticator registers the device in Azure AD and keeps the token active, and you will now see the UPN for the user. This is called a broker, the middle man! 🙂
Single Sign-On (SSO)
So because of our broker app, Microsoft Authenticator, all the other apps that need our token now talk to the Microsoft Authenticator app, which logs us in.
Remember to disable Exchange ActiveSync (EAS) and other clients with Conditional Access (CA), since Outlook does not communicate with EAS when we are using Modern Authentication.
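To check where you stand before and after rolling out the broker, here is an added example (not part of the original post): a Python triage of exported Azure AD sign-in records. It lists users still interrupted by error 50097 with an empty device ID, and users still signing in over EAS. The records are constructed, and the field names (`status.errorCode`, `deviceDetail.deviceId`, `clientAppUsed`) assume an export shaped like the Microsoft Graph `signIn` resource.

```python
import json
from collections import defaultdict

DEVICE_AUTH_REQUIRED = 50097        # sign-in error code quoted on this page
EAS_CLIENT = "Exchange ActiveSync"  # clientAppUsed value for EAS sign-ins

# Constructed sample records (users and device ID are made up).
SAMPLE_SIGNINS = json.loads("""[
 {"userPrincipalName": "alice@example.com", "clientAppUsed": "Mobile Apps and Desktop clients",
  "status": {"errorCode": 50097}, "deviceDetail": {"deviceId": ""}},
 {"userPrincipalName": "alice@example.com", "clientAppUsed": "Mobile Apps and Desktop clients",
  "status": {"errorCode": 50097}, "deviceDetail": {"deviceId": ""}},
 {"userPrincipalName": "bob@example.com", "clientAppUsed": "Mobile Apps and Desktop clients",
  "status": {"errorCode": 50097}, "deviceDetail": {"deviceId": ""}},
 {"userPrincipalName": "bob@example.com", "clientAppUsed": "Mobile Apps and Desktop clients",
  "status": {"errorCode": 0}, "deviceDetail": {"deviceId": "00000000-0000-0000-0000-000000000001"}},
 {"userPrincipalName": "carol@example.com", "clientAppUsed": "Exchange ActiveSync",
  "status": {"errorCode": 0}, "deviceDetail": {"deviceId": ""}}
]""")

def triage(signins):
    """Summarise, per user: 50097 interrupts with no device ID, device IDs seen
    on successful sign-ins, and whether any sign-in still came in over EAS."""
    report = defaultdict(lambda: {"prompts_without_device": 0, "device_ids": set(), "uses_eas": False})
    for rec in signins:
        entry = report[rec["userPrincipalName"].lower()]
        code = (rec.get("status") or {}).get("errorCode", 0)
        device_id = ((rec.get("deviceDetail") or {}).get("deviceId") or "").strip()
        if code == DEVICE_AUTH_REQUIRED and not device_id:
            entry["prompts_without_device"] += 1
        elif code == 0 and device_id:
            entry["device_ids"].add(device_id)
        if rec.get("clientAppUsed") == EAS_CLIENT:
            entry["uses_eas"] = True
    return dict(report)

def needs_broker(report):
    """Users interrupted by 50097 who never signed in from a registered device."""
    return sorted(u for u, e in report.items() if e["prompts_without_device"] and not e["device_ids"])

def still_on_eas(report):
    """Users with at least one Exchange ActiveSync sign-in."""
    return sorted(u for u, e in report.items() if e["uses_eas"])

if __name__ == "__main__":
    r = triage(SAMPLE_SIGNINS)
    print("needs broker:", needs_broker(r))
    print("still on EAS:", still_on_eas(r))
```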