Applies ToOutlook for Microsoft 365

Last Updated: January 21, 2020

ISSUE

On premise customers with the Office 365 client began seeing unexpected credential prompts in Outlook for Windows starting on or after November 11th.  This issue occurs if the Office 365 tenant has at least one mailbox in the cloud.

STATUS: FIXED 

Below are the two main options to resolve the issue:

1.  Sync all your mailboxes to Office 365 as mail users so they are known hybrid users and get redirected back to on premises.

For more information see these reference materials:

Exchange hybrid deployment considerations which links out to this more specifically on AzureAD connect for syncing: Azure AD Connect sync: Understand and customize synchronization

Active Directory Synchronization is also listed as a pre-requisite for Exchange Hybrid: Hybrid deployment prerequisites

Active Directory synchronization: Deploy the Azure Active Directory Connect tool to enable Active Directory synchronization with your on-premises organization.

Learn more at Azure AD Connect User Sign-on options.

2.  Use the PowerShell AutodiscoverPartialDirSync option when your tenant has Directory Synced some of your Active Directory users into the cloud, but you still have on-premises Exchange users that are not Directory Synced.  

 Set-OrganizationConfig

-AutodiscoverPartialDirSync

This parameter is available only in the cloud-based service.

The AutodiscoverPartialDirSync option is for scenarios where tenants have Directory Synced some of their Active Directory users into the cloud, but still have on-premises Exchange users that are not Directory Synced.  Setting this flag to true will cause unknown users to be redirected to the on-premises endpoint and will allow on-premises users to discover their mailbox automatically. Online email addresses will be susceptible to enumeration. It is recommended to full Directory Sync all Active Directory users and leave this flag as the default False.

After you enable AutodiscoverPartialDirSync, it will take approximately 3 hours to fully saturate across the cloud.

Type: Boolean
Parameter Sets: Default
Aliases:
Applicable: Exchange Online
Required: False
Position: Named
Default Value: False
Accept pipeline input: False
Accept wildcard characters: False

For instructions using PowerShell see this topic, Connect to Exchange Online PowerShell

More Resources

Icon Experts (brain, gears)

Ask the experts

Connect with experts, discuss the latest Outlook news and best practices, and read our blog.

Outlook Tech Community

Icon Community

Get help in the community

Ask a question and find solutions from Support Agents, MVPs, Engineers, and Outlook users.

Outlook Forum on Answers

Icon feature request (light bulb, idea)

Suggest a new feature

We love reading your suggestions and feedback! Share your thoughts. We're listening.

Find out how

See Also

Fixes or workarounds for recent issues in classic Outlook for Windows

Facebook LinkedIn Email

Need more help?

Want more options?

Discover Community

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.

Ask the Microsoft Community

Microsoft Tech Community

Windows Insiders

Microsoft 365 Insiders