I’m sure you’ve all installed Office 2016 by now!
If you have already installed Office 2016, and you were an early adopter of SharePoint Online (as part of the original Office 365 – the obscurely named “Business Productivity Online Services” or BPOS…) you may have some issues authenticating against legacy site collections from within your Office applications (Word, Excel etc.).
The reason is related to the default authentication model as described here and reproduced below for convenience, and the fact that Modern Auth won’t work properly with BPOS site collections (for some reason – the clue may well be in the ADAL part of the reg key; Active Directory Authentication Library, which the old BPOS site collection can’t use to authenticate users properly as the trust may not work between Azure AD and the BPOS site collection.
SharePoint Online
Office Client | SharePoint Online (Default is ON) | ||
Office version and registry key | Modern auth effective? | Modern auth
disabled |
Modern auth enabled |
Office 2016, No registry key | Yes | Modern authentication only | Attempt modern authentication, fail over to Microsoft Online Sign-in Assistant if the server refuses a modern authentication connection (which is the case when tenant is not enabled) |
Office 2016,
EnableADAL = 1 |
Yes | Failure to connect | Attempt modern authentication, fail over to Microsoft Online Sign-in Assistant if the server refuses a modern authentication connection (which is the case when tenant is not enabled) |
Office 2016,
EnableADAL =0 |
No | Microsoft Online Sign-in Assistant only | Microsoft Online Sign-in Assistant only |
Office 2013,
No registry key set |
No | Microsoft Online Sign-in Assistant only | Microsoft Online Sign-in Assistant only |
Office 2013,
EnableADAL-1 |
Yes | Attempt modern authentication, fail over to Microsoft Online Sign-in Assistant if the server refuses a modern authentication connection (which is the case when tenant is not enabled) |
The Fix
If you are still having difficulties you can update the following in your registry manually:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Identity\EnableADAL should be added & set to 0,
or run this .reg file and reboot.
No warranty implied and all usual precautions should be taken before installing a .reg file from t’internet!
Happy for a full explanation to be added in the comments
Leave a Reply