The organization I work for has implemented two factor authentication, with participants using the RSA SecureID app on mobile phones. Such authentication is required for having apps connect to the organization's Exchange service. For me, this has worked on my iPhone and iPad for connecting the native iOS apps for Mail, Calendar, Tasks, etc.
However, on my MacBookPro laptop running macOS High Sierra, attempts to connect the native Mail and Calendar apps to the Exchange service fail. The auto-discover dialogue seems to "thing about it", but then returns a message that it is unable to verify the account name or password, and never triggers the RSA SecureID authentication dialogue box. And similar results when attempting to manually configure the Mail connection.
The Office 2016 Outlook application on my MacBookPro can make the Exchange connection with the typical authentication preamble.
However, I enjoyed pulling the Exchange info into the native Calendar app so I could view it integrated with my personal activities.
Hi Robert,
Unfortunately this is a limitation of the Mac mail client. Newer clients like Outlook 2016 and even the mail app on iOS 11 support what Microsoft calls "modern authentication." This is the web browser type flow you saw when configuring Outlook. Unfortunately the native mail client in the Mac is what is known as an "active" client. This means that it stores the password and then sends it to the server as needed to re-authenticate. Applications that support modern authentication are referred to as "passive" clients as they authenticate once and then receive an access token which they store and then use to access the account. These passive, or modern auth, clients work well with MFA as the authentication happens in a web browser. Active clients like Mac mail are simply not able to support MFA. Given that Apple added modern authentication capabilities to iOS 11, I'm hopeful that we'll see it added to Mac mail as well!