Few support tickets are as repetitive as “Outlook keeps asking for my password.” You type the password, Outlook accepts it for a second, then the prompt pops up again. Sometimes it loops forever. Sometimes it shows up once a day for no obvious reason. Either way, the user can’t trust their mailbox and you’re the one who has to make it stop.
With Microsoft 365 the prompt is almost never about the password being wrong. It’s about where Outlook is getting the credential from and whether the token it’s holding is still valid. Once you look at it that way, the fix is usually one of a handful of things: a stale entry in Credential Manager, a broken profile, an MFA or conditional access change, or an Office build that’s behind on modern authentication. This walkthrough goes through them in the order that resolves the most tickets fastest.
Start with a quick triage
Before you start deleting things, spend two minutes narrowing it down. The answers point you straight at the cause.
60-second triage for the password prompt
- Does it happen on one PC only, or every device this user signs in from?
- Did the user recently change their Microsoft 365 password?
- Was MFA or a conditional access policy turned on or changed recently?
- Is this the new Outlook or classic Outlook (and which Office build)?
- Does Outlook on the web (OWA) work without prompting in a browser?
- Are other Office apps (Word, Teams) also asking to sign in?
If OWA works fine but the desktop client keeps prompting, the mailbox and account are healthy and the problem is local to the client. If every device prompts, look at the account and tenant side first: a recent password change, MFA enrollment, or a conditional access rule.
Cause 1: Stale credentials in Windows Credential Manager
This is the one to check first, because it’s the most common and the easiest to fix. Windows caches your Microsoft 365 sign-in so Outlook doesn’t have to prompt every launch. When that cached entry goes out of date — after a password change, a token expiry, or a botched sign-in — Outlook keeps replaying the bad credential. Exchange Online rejects it, and the prompt returns immediately.
Clear the cached entries:
- Close Outlook completely.
- Open Control Panel → Credential Manager → Windows Credentials.
- Under Generic Credentials, look for entries beginning with MicrosoftOffice, MS.Outlook, msteams, or your @yourdomain.com address.
- Expand each one and click Remove.
- Reopen Outlook. Sign in when prompted and tick Remember my credentials / Keep me signed in.
You can also clear them from an elevated prompt, which is handy when you’re scripting a fix across several machines:
```powershell
# List Office/Outlook generic credentials, then delete them
cmdkey /list | Select-String "MicrosoftOffice","MS.Outlook"
# Remove the common Office credential targets
cmdkey /delete:MicrosoftOffice16_Data:live.com
# user@yourdomain.com is a placeholder; use the target exactly as cmdkey /list shows it
cmdkey /delete:"MicrosoftOffice16_Data:SSPI:user@yourdomain.com"
```
After clearing, launch Outlook and let it prompt once. When you authenticate (and complete MFA if asked), Windows writes a fresh, valid credential and the loop ends.
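A more general form of the scripted cleanup, as an added example that is not from the original article: it parses `cmdkey /list` and removes every entry whose target matches the prefixes named in the steps above. It assumes English `cmdkey` output; the function name and the `-Apply` switch are illustrative.

```powershell
# Added example (not from the original article). Assumes English cmdkey output.
# Run it in the affected user's own session: Credential Manager entries are
# stored per user, so running it as a different account cleans the wrong store.
function Clear-OfficeCachedCredential {
    [CmdletBinding()]
    param(
        # Target prefixes named in the manual steps above
        [string[]]$Pattern = @('MicrosoftOffice', 'MS.Outlook', 'msteams'),
        # Without -Apply the function only reports what it would remove
        [switch]$Apply
    )

    if (Get-Process -Name OUTLOOK -ErrorAction SilentlyContinue) {
        Write-Warning 'Outlook is still running. Close it first, then run this again.'
        return
    }

    # cmdkey prints one "Target: <name>" line per stored credential
    $targets = cmdkey /list | ForEach-Object {
        if ($_ -match '^\s*Target:\s*(.+?)\s*$') { $Matches[1] }
    }

    foreach ($target in $targets) {
        $hit = $Pattern | Where-Object { $target -like "*$_*" }
        if (-not $hit) { continue }

        $output = 'dry run, nothing deleted'
        if ($Apply) {
            # The name is passed back exactly as listed, including any
            # "LegacyGeneric:target=" prefix; cmdkey's reply is kept for the record
            $output = ((cmdkey "/delete:$target") -join ' ').Trim()
        }
        [pscustomobject]@{ Target = $target; Result = $output }
    }
}

# Dry run first; review the list, then rerun with -Apply
Clear-OfficeCachedCredential
# Clear-OfficeCachedCredential -Apply
```

Rerun the dry run afterwards: an empty result confirms the matching entries are gone before the user signs in again.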
Cause 2: MFA, conditional access, and a recently changed password
If the prompt started right after a password reset or an MFA rollout, the cause is on the identity side, not the client. Three situations come up constantly:
- A password change that the cached token predates. The old token is now invalid and the client keeps trying it. Clearing credentials (Cause 1) usually clears this too.
- MFA was enrolled or enforced. Outlook needs to complete a modern auth flow to get a token with the MFA claim. Older builds or a damaged profile can fail to show the browser-based prompt and fall back to a basic prompt that never succeeds.
- A conditional access policy. A policy that requires a compliant device, a managed app, or sign-in from a trusted location can block the token silently and surface as a repeating prompt. Check the Entra sign-in logs for the user — a blocked or interrupted sign-in tells you exactly which policy fired.
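One way to pull that information from the Entra sign-in logs, as an added example that is not from the original article. It assumes the Microsoft Graph PowerShell SDK is installed and that your account may read sign-in logs; the UPN is a placeholder.

```powershell
# Added example (not from the original article).
# Requires the Microsoft.Graph PowerShell SDK and the AuditLog.Read.All scope.
$upn   = 'user@yourdomain.com'      # placeholder: the affected user
$since = (Get-Date).ToUniversalTime().AddHours(-24).ToString('yyyy-MM-ddTHH:mm:ssZ')

Connect-MgGraph -Scopes 'AuditLog.Read.All'

# Sign-ins for this user in the last 24 hours
$filter  = "userPrincipalName eq '$($upn.ToLower())' and createdDateTime ge $since"
$signIns = Get-MgAuditLogSignIn -All -Filter $filter

$signIns |
    # Keep only sign-ins that failed, were interrupted, or were blocked by policy
    Where-Object { $_.Status.ErrorCode -ne 0 -or $_.ConditionalAccessStatus -eq 'failure' } |
    Sort-Object CreatedDateTime -Descending |
    ForEach-Object {
        $signIn = $_
        # Names of the conditional access policies that failed this sign-in
        $blocking = $signIn.AppliedConditionalAccessPolicies |
            Where-Object { $_.Result -eq 'failure' } |
            ForEach-Object { $_.DisplayName }

        [pscustomobject]@{
            Time             = $signIn.CreatedDateTime
            App              = $signIn.AppDisplayName
            ClientApp        = $signIn.ClientAppUsed   # shows legacy vs. modern clients
            ErrorCode        = $signIn.Status.ErrorCode
            FailureReason    = $signIn.Status.FailureReason
            CAStatus         = $signIn.ConditionalAccessStatus
            BlockingPolicies = $blocking -join '; '
        }
    } | Format-List
```

An empty result with the prompt still looping points back at the client (Cause 1 and the causes that follow) rather than at a policy.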
Cause 3: Modern authentication is off or the build is too old
Microsoft 365 runs on modern authentication (OAuth 2.0). Basic authentication for Exchange Online has been retired, so any client still trying to authenticate the old way will prompt endlessly and never connect. Two things have to be true: modern auth must be enabled, and the Outlook build must be new enough to use it.
For the tenant, confirm modern auth is on for Exchange Online:
```powershell
# Requires the ExchangeOnlineManagement module
Connect-ExchangeOnline
Get-OrganizationConfig | Select-Object Name, OAuth2ClientProfileEnabled
# OAuth2ClientProfileEnabled should be True
```
On the client side, modern auth is controlled by registry values under the Office identity key. On supported, up-to-date Office builds it’s enabled by default, but a leftover override from an old migration can still be forcing basic auth.
Office modern-auth registry values (HKCU\Software\Microsoft\Office\16.0\Common\Identity)
| Value | Meaning |
|---|---|
| EnableADAL | 1 = modern auth on. 0 forces the legacy stack — remove or set to 1. |
| DisableADALatopWAMOverride | 1 can force the older ADAL path. Clear it unless you know you need it. |
| Version | Informational — confirms the Office major version writing these keys. |
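```powershell
$key = "HKCU:\Software\Microsoft\Office\16.0\Common\Identity"
# Create the key first if this user has never had it; New-ItemProperty fails on a missing path
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
New-ItemProperty -Path $key -Name "EnableADAL" -Value 1 -PropertyType DWord -Force
# Remove a stale override if present
Remove-ItemProperty -Path $key -Name "DisableADALatopWAMOverride" -ErrorAction SilentlyContinue
```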
Cause 4: A corrupt or duplicate Outlook profile
If credentials are clean and modern auth is on, the profile itself may be damaged. A profile holds the account configuration, the autodiscover result, and pointers to the local data file. When any of that gets corrupted — often after a migration, a name change, or an unexpected shutdown — Outlook can get stuck re-authenticating. A duplicate or half-configured second profile causes the same thing.
Rebuild the profile from scratch:
- Close Outlook.
- Open Control Panel → Mail (Microsoft Outlook) → Show Profiles.
- Click Add, create a new profile (give it a clear name like M365-2026), and add the Microsoft 365 account.
- Set Always use this profile to the new one.
- Open Outlook, sign in, and let the mailbox sync.
If you’d rather not delete the working profile yet, create the new one alongside it and switch the default. You can remove the old profile once the new one is stable.
Cause 5: Stuck cached identity inside Outlook
Outlook keeps its own list of signed-in identities, separate from Credential Manager. When that list holds a stale or duplicate identity, Outlook can prompt even after you’ve cleaned everything else. You’ll often see it as a sign-in box that already has the right address filled in but won’t accept the password.
Clear the cached accounts from inside Outlook:
- In Outlook, go to File → Office Account (or Account Settings → Account Settings).
- Under the connected services / signed-in identities, Sign out of any stale Microsoft 365 identity.
- Close Outlook, then clear Credential Manager again (Cause 1) to remove the matching token.
- Reopen Outlook and sign in once, cleanly.
For the new Outlook for Windows, removing and re-adding the account from Settings → Accounts does the same job, since it doesn’t use the classic profile model.
Cause 6: Autodiscover loops in hybrid and on-prem setups
In a hybrid Exchange environment, Outlook finds your mailbox through autodiscover. If autodiscover points the client at the wrong endpoint — an on-prem server for a mailbox that already moved to Exchange Online, or a stale SCP record in Active Directory — Outlook can bounce between endpoints and prompt for credentials at each hop. This is the classic “works in OWA, loops in desktop” pattern in hybrid tenants.
Test what autodiscover is actually returning:
- Hold Ctrl and right-click the Outlook icon in the system tray, then choose Test E-mail AutoConfiguration. Enter the address, untick the Guessmart options, and run it. The Results and Log tabs show every endpoint Outlook tried and which one answered.
- Confirm the mailbox’s actual location. If the user is fully migrated to Exchange Online but autodiscover keeps returning an on-prem URL, fix the autodiscover DNS / SCP so the client is routed to Microsoft 365.
Quick read on autodiscover test results
| Autodiscover result | What it means |
|---|---|
| Returns outlook.office365.com | Mailbox is being routed to Exchange Online — correct for a migrated user |
| Returns your on-prem mail host | Client is being sent on-prem; wrong if the mailbox already moved to the cloud |
| Alternates between both | Likely a stale SCP or DNS record causing the prompt loop |
| Fails outright | DNS, certificate, or connectivity issue on the autodiscover endpoint |
Active Directory health feeds into this too. If your on-prem directory isn’t replicating cleanly, autodiscover and other lookups can behave unpredictably — our guide on fixing AD replication error 1722 covers the DNS and connectivity checks worth running if you suspect the directory layer.
Cause 7: “Remember my credentials” never sticks
Sometimes everything works until you restart, and then the prompt is back. The credential isn’t being saved. A few usual suspects:
- Group Policy is clearing saved credentials. The policy Network access: Do not allow storage of passwords and credentials for network authentication wipes Credential Manager at logon. If it’s enabled, Outlook can never keep a saved token.
- Roaming or mandatory profiles that don’t persist the credential store between sessions.
- A “Keep me signed in” prompt that’s being dismissed during the modern auth flow. If the user clicks “No” on that browser dialog, the token isn’t persisted and they’ll re-auth more often.
Check the policy on the affected machine:
```powershell
# 1 = storage of credentials is blocked by policy
Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name DisableDomainCreds -ErrorAction SilentlyContinue
```
If DisableDomainCreds is 1, a GPO is enforcing it. That’s a policy decision to take up with whoever owns your security baseline rather than something to quietly flip on every desktop.
Cause 8: A known Outlook update bug
Now and then the prompt isn’t your environment at all — it’s a regression in a specific Office build. Microsoft has shipped updates that broke modern auth token handling or made Outlook prompt repeatedly, then fixed them in a later release. If a prompt appears across many users at once, right after an Office update, suspect the build.
Check the version and update it:
- In Outlook, go to File → Office Account. Note the version and build under About Outlook.
- Click Update Options → Update Now.
- Compare the build against the release notes for your update channel. If a fix shipped in a newer build, update to it. If a known-bad build just rolled out, roll back to the previous known-good build until the fix lands.
Where to look by update channel
| Update channel | What to check |
|---|---|
| Current Channel | Fastest feature and fix cadence — check for the latest build first |
| Monthly Enterprise Channel | Predictable monthly updates — note your build date against release notes |
| Semi-Annual Enterprise Channel | Slower — a fix may already exist on a faster channel before it reaches you |
Keeping a record of which build is deployed makes this fast: when a prompt wave hits, you can tell in seconds whether an update is the trigger.
The fast path when you’re under pressure
When a user is blocked and you need the quickest route to a fix, run this order:
1. One PC or everywhere? One device → local fix. Every device → account/tenant side.
2. Close Outlook, clear Credential Manager generic entries, reopen, sign in fresh.
3. Check the Entra sign-in logs if MFA or conditional access is involved.
4. Confirm modern auth is on for the tenant and the client (EnableADAL, current build).
5. Rebuild the Outlook profile if credentials and auth are clean.
6. Run Test E-mail AutoConfiguration in hybrid setups to catch autodiscover loops.
7. Check the Office build against release notes if many users prompt at once.
Most tickets close at step 2 or 3. The later steps catch the stubborn ones.
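The client-side checks from Causes 3, 7 and 8 can be gathered in one read-only pass before anything is changed. This is an added example, not from the original article; the function name is illustrative, and the Office build lookup assumes a Click-to-Run install that records its version under the `ClickToRun\Configuration` key.

```powershell
# Added example (not from the original article). Read-only: reports, never writes.
function Get-OutlookAuthClientState {
    $identityKey = 'HKCU:\Software\Microsoft\Office\16.0\Common\Identity'
    $lsaKey      = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    # Assumption: Click-to-Run install; MSI installs do not populate this key
    $c2rKey      = 'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'

    # Returns $null when the key or the value does not exist
    function Read-Value($Path, $Name) {
        (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
    }

    $enableAdal  = Read-Value $identityKey 'EnableADAL'
    $wamOverride = Read-Value $identityKey 'DisableADALatopWAMOverride'
    $noCredStore = Read-Value $lsaKey      'DisableDomainCreds'
    $build       = Read-Value $c2rKey      'VersionToReport'

    $findings = @()
    if ($enableAdal -eq 0)  { $findings += 'EnableADAL=0 forces the legacy stack (Cause 3)' }
    if ($wamOverride -eq 1) { $findings += 'DisableADALatopWAMOverride=1 can force the older ADAL path (Cause 3)' }
    if ($noCredStore -eq 1) { $findings += 'DisableDomainCreds=1, credential storage is blocked by policy (Cause 7)' }
    if (-not $build)        { $findings += 'Build not found in registry, read it from File > Office Account (Cause 8)' }
    if (-not $findings)     { $findings += 'No client-side override found' }

    [pscustomobject]@{
        Computer                   = $env:COMPUTERNAME
        User                       = $env:USERNAME
        EnableADAL                 = $enableAdal    # empty = not set, default applies
        DisableADALatopWAMOverride = $wamOverride
        DisableDomainCreds         = $noCredStore
        OfficeBuild                = $build         # compare against release notes
        Findings                   = $findings -join '; '
    }
}

# Run as the affected user so the HKCU values are theirs
Get-OutlookAuthClientState | Format-List
```

Saving this output with the ticket gives you the build record the Cause 8 section recommends keeping.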
Wrapping up
An Outlook password prompt that won’t quit looks like an account problem, but in Microsoft 365 it’s almost always about a credential or token that’s gone stale, a profile that’s damaged, or a build that’s behind on modern authentication. Split single-machine issues from everywhere-issues first, clear the cached credentials, then work outward to profiles, modern auth, and autodiscover. Resist the urge to re-enable basic auth — that door is closed, and it only turns a prompt into a dead connection.
If you’re rolling these fixes out across a team, it helps to keep a short runbook: the triage question, the Credential Manager steps, and your current Office build. While you’re tidying up mailbox access, you might also look at how you set up shared mailboxes in Microsoft 365 so delegated access doesn’t trigger its own round of credential prompts.