O365 Email with Two Factor Authentication

I am trying to add an O365 email account that uses a 3rd party two factor authentication. On a standard Android phone after entering my password it would then load a webpage that allows me to initiate an approval from 2FA. On /e/ after entering the password it just says “Looks like something went wrong.” I have tried the Outlook app and various other apps that support O365 and all have the same behavior. Any suggestions?

You need to disable the “engagement tracker” with Advanced Privacy to get past the initial hurdle. Then you should be able to use most Email clients, as in “k9 Mail” or similar.

But you can’t add Oauth2 Email accounts to /e/s Mail Application currently, there’s a bug - How to add an Outlook 365 account to e/Mail?

Thanks for the information. I didn’t see anything specifically that said “engagement tracker” but I did disable tracker blocking globally and for Outlook.

However, after entering my email address and password, I still see this.


I am assuming that these kinds of prompts would normally be handled by Android System Webview, but I am not sure how /e/ OS handles this or if there might be some missing component.

What is your second factor in the 3rd party service? If it is a hardware key I think the default Browser (bromite) can’t handle this yet.

Maybe I was too quick to point out that the link back from the Webview / default Browser to the default Mail App is broken anyway for Microsoft Oauth last I checked 8 months ago.

I am using Cisco Duo

Another thing I am unsure about…

I am running this on a Moto G7 Power, so the bootloader is unlocked. I wouldn’t think that would affect this directly as I am able to log into Outlook.com via the browser on the phone with no problems. I was hoping to use this phone as a “proof of concept” before making the leap to a Murena phone.

and Login to outlook.com doesn’t require you to use 2fa? If it did prompt you (and Duo entered some otp I guess?) and login worked, I’m pretty sure it’s the token hand back from Browser to Mail that’s still at issue to add your outlook.com Email to the default Mail app.

An unlocked bootloader only relevant if the Authenticator App wants to enforce some property of it - Duo Mobile works reportedly (the backup/account transfer feature though doesn’t).

I think it’s a gamble to use corporate-y Apps with microG frankensteins. If it works, it works until it doesn’t, and then who you gonna call.

It does prompt for 2FA in the browser but it’s all done inside the browser. The flow is usually the same either way, the major difference is when logging in to an app (Outlook, Nine, or any other O365 complaint email app) it all happens in Webview.

O365 login > redirect to Duo/2FA screen > redirect back to the app you’re logging into.

I’m sure there’s more too it under the hood but that’s the perception from a GUI perspective.

just to make it explicit: the target App you want to add the outlook Email to is the default /e/ Mail app?

In your auth flow, Duo/2FA will confirm your authorization back to the microsoft login logic, and the browser hands the token back to the App - and this was broken 8 months ago when I looked at it. k9mail should work though, maybe you can give this a go?

No, I have tried the official Microsoft Outlook, Nine Email, and Microsoft Teams apps which all use the same authorization mechanism. All display the same behavior. After entering the username and password, instead of allowing me to enter the 2FA code it shows the error I posted earlier. I didn’t put much time into the default app as you pointed out it seems to be broken. Additionally it seems to only allow POP and IMAP and I need to use an O365 account. I hope that clarifies. Thank you.

In the end you’d need to reach for ‘adb logcat’ to bring more insight into what’s behind the “Looks like something went wrong” error message. The system log is more verbose.

Checkout the forum search, O365 and MS Apps are generally a sought after topic, maybe there’s something I overlook.

This topic was automatically closed after 60 days. New replies are no longer allowed.