Attempting to build a new profile externally and receive the following Office 365 authentication prompt?
When implementing a new Exchange 2016 infrastructure into a client environment that currently has Exchange 2010, we often find the environment also has Office 365 with Active Directory integration, although Exchange hybrid has not been enabled. Client user accounts exist in Office 365 and are licensed; however, Office 365 is only used for the Office licensing.
After modifying all internal and external client connectivity to the Exchange 2016 environment from the usual redirect to the users’ accounts in Exchange 2010, we find Outlook Web App and Activesync test out successfully but when testing to Outlook Anywhere, the problems begin!
Testing with remote connectivity analyzer came back successful. We used Outlook to test email autoconfiguration and found that it attempts to go to Office 365 even though Autodiscover was configured correctly. So, what gives?
Here’s the Problem
Microsoft enabled a new feature in Outlook 2016 (version 16.0.6741.2017 and higher) that forces your Outlook 2016 to connect to Office 365 when any one of the following happens:
- You have user accounts in Office 365 which are not yet active, but a mailbox has been provisioned due to license assignment.
- Autodiscover does not respond within a timeout period.
- Connection of the computer and the source Exchange server is interrupted or blocked.
Direct Connect’s Hosted Exchange 2016 lets your company communicate and collaborate effectively with shared calendars and contacts on all of your devices. It’s a great feature when you want to incorporate Office 365 for email, but it can be a huge problem when you are in the process of moving to Exchange 2016/2019 or if you are beginning the process to move to Office 365.
Here are Some Solutions
Implement a registry modification to disable Direct Connect
- Go to Registry Edit on each computer
- Go to the following path: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover
- Create or Set the DWORD: ExcludeExplicitO365Endpoint to Value : 1
- Restart the computer
Open the corresponding user account in Office 365 and disable mapi
- Go to powershell with the following command: Set-CASMailbox -Identity “NAME” mapienabled:$false
- For detailed syntax and parameter information, see Set-CASMailbox.
After performing one of these workarounds you may need to create a new profile that connects to the source. A new profile may be required because the msExchMailboxGuid of the source server is different from the msExchMailboxGuid in Office 365.
Note: if you are migrating to Office 365 the solutions above should be reversed.
Jake Eker | PEI