Office 365 - EXO / ADAL / MFA / App Passwords

If you are trying to access Exchange Online with Outlook but you are protecting EOL with conditional access policies, and Modern Authentication is not enabled on the tenant, you'll need to create individual App Passwords for the applications.

To do this browse to the App Passwords section of your account at the following URL -

Here you can also change your additional security methods for your account and configure the authentication application. Additional security verification -

You can also enable Azure MFA on Outlook 2016 with Active Directory Authentication Library (ADAL) for Exchange Online.

If you have Outlook 2016 or Outlook 2013 and want to use Azure MFA but you do not want to use Application Passwords you may need to enable modern authentication Active Directory Authentication Library (ADAL) in Exchange Online, this used to be disabled by default but is now enabled by default, but it's worth checking.

Connect to Exchange Online PowerShell as shown here.

Set-ExecutionPolicy RemoteSigned
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential
$UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session

If you need to connect using MFA (if you have already configured it) then follow these instructions -

Connect-EXOPSSession -UserPrincipalName

To check the current configuration run; 

Get-OrganizationConfig | Format-Table -Auto Name,OAuth*

Run this command to enable modern authentication in Exchange Online:

Set-OrganizationConfig -OAuth2ClientProfileEnabled $true

Run this command to disable modern authentication in Exchange Online:

Set-OrganizationConfig -OAuth2ClientProfileEnabled $false