Modern Authentication uses OAuth 2.0 to secure your email connection with multi-factor authentication instead of a basic password. Many email providers including Microsoft 365, Gmail, and Yahoo now require or strongly recommend this method for IMAP accounts in Outlook Desktop. Without it, Outlook may show repeated password prompts or fail to connect entirely after a provider update. This article explains how to configure Modern Authentication for IMAP in Outlook for Windows and what to do if the option is missing.
Key Takeaways: Configuring OAuth 2.0 for IMAP in Outlook Desktop
- File > Account Settings > Account Settings > Change > More Settings > Outgoing Server or Advanced: Disable basic authentication and enable OAuth 2.0 for IMAP and SMTP.
- Windows Registry key HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\ Add or modify the DWORD value EnableOAuth to 1 for IMAP accounts that do not show the OAuth option.
- Mail Control Panel (mail.cpl): Use this tool to create a new Outlook profile with Modern Authentication forced for IMAP accounts when the existing profile fails to connect.
What Modern Authentication Does for IMAP in Outlook
Modern Authentication replaces the traditional username and password logon with token-based OAuth 2.0. The token expires after a set period and refreshes automatically without user intervention. This eliminates the need to store your mailbox password in Outlook and allows your IT administrator to enforce multi-factor authentication for IMAP connections.
Outlook Desktop supports Modern Authentication for IMAP starting with version 1905 of Microsoft 365 Apps and Outlook 2019. The feature is enabled by default for Microsoft 365, Outlook.com, and Gmail accounts. For other providers, you may need to adjust registry settings or reconfigure the account manually.
Before you begin, confirm that your email provider supports OAuth 2.0 for IMAP. Microsoft 365, Gmail, Yahoo Mail, and AOL all support it. If your provider does not support OAuth, you cannot use Modern Authentication and must continue with basic authentication or switch to a different protocol.
Step-by-Step Configuration for Modern Authentication on IMAP
The following steps assume you already have an IMAP account added to Outlook. If you are adding a new account, use the same procedure but stop at the account creation wizard.
Method 1: Enable OAuth in an Existing IMAP Account
- Open Account Settings
In Outlook, go to File > Account Settings > Account Settings. Select your IMAP account from the list and click Change. - Open More Settings
In the Change Account window, click More Settings. Go to the Outgoing Server tab. - Disable Basic Authentication on the Outgoing Server
Uncheck My outgoing server (SMTP) requires authentication. If the check box is grayed out, leave it unchecked. Then go to the Advanced tab. - Change Authentication Method on the Incoming Server
Under the Incoming Server section, find the Use the following type of encrypted connection drop-down. Set it to TLS or Auto. Below that, locate the Authentication drop-down. Change it from Basic to OAuth 2.0. If the drop-down does not show OAuth, skip to Method 2. - Change Authentication Method on the Outgoing Server
Under the Outgoing Server section, set Use the following type of encrypted connection to TLS or Auto. Set the Authentication drop-down to OAuth 2.0. Click OK. - Test the Account
Back in the Change Account window, click Next. Outlook will test the connection. When prompted, sign in with your email credentials. You should see a Microsoft or provider-specific login page that supports multi-factor authentication. If the test passes, click Finish.
Method 2: Enable OAuth via Registry When the Drop-Down Is Missing
Some IMAP accounts, especially those added before Outlook version 1905, do not show the OAuth option in the Authentication drop-down. A registry edit forces Outlook to use OAuth for that account.
- Close Outlook
Ensure Outlook is not running. Press Windows + R, type regedit, and press Enter. - Navigate to the Outlook Profiles Key
Go to HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook. If you are using Outlook 2019 or Microsoft 365, the version number is 16.0. For Outlook 2016, use the same path. - Find Your IMAP Account Subkey
Expand the Outlook key. You will see subkeys named with a GUID (long string of letters and numbers). Click each one and look at the Service Name value in the right pane. The IMAP account will show MSN IMAP or POP3/SMTP depending on the provider. Note the GUID of the correct subkey. - Add the EnableOAuth DWORD
Right-click the GUID subkey you identified. Select New > DWORD (32-bit) Value. Name it EnableOAuth. Double-click it and set the value to 1. Click OK. - Restart Outlook and Test
Close Registry Editor and open Outlook. Outlook will prompt you to sign in again. Enter your credentials using the OAuth login page. If you do not see a prompt, go to File > Account Settings > Account Settings, select the account, and click Repair.
Method 3: Create a New Outlook Profile with Modern Authentication
If the registry edit does not work, create a new Outlook profile. This method forces Outlook to set up the account with OAuth from the beginning.
- Open Mail Control Panel
Press Windows + R, type control, and press Enter. In Control Panel, set the view to Small icons and click Mail (Microsoft Outlook). Alternatively, type mail.cpl in the Run dialog. - Create a New Profile
In the Mail Setup dialog, click Show Profiles. Click Add, type a name for the profile, and click OK. Outlook opens the account setup wizard. - Add the IMAP Account with OAuth
Enter your name, email address, and password. Outlook attempts to detect the server settings. If it detects the account as IMAP, it will automatically use OAuth for Microsoft 365 and Gmail. For other providers, click Advanced setup, choose IMAP, and enter the server details. Under Authentication, select OAuth 2.0 if available. Complete the setup. - Set the New Profile as Default
Back in the Mail dialog, under When starting Microsoft Outlook, use this profile, select your new profile from the drop-down. Click OK. - Start Outlook with the New Profile
Open Outlook. It will use the new profile. Your old profile remains available but will not be used unless you switch back.
Common Problems After Enabling Modern Authentication
Outlook Does Not Show the OAuth Option in the Authentication Drop-Down
This occurs when the account was created with an older Outlook version or when the registry key for OAuth is missing. Follow Method 2 above to add the EnableOAuth DWORD. If the drop-down still does not appear, your email provider may not support OAuth for IMAP. Contact your provider to confirm.
Outlook Prompts for Password Repeatedly After Switching to OAuth
This indicates that Outlook is still trying to use basic authentication despite the setting change. Open the account settings again and verify that the Authentication drop-down in both the Incoming and Outgoing Server sections is set to OAuth 2.0. Also check that the encrypted connection type is TLS or Auto. If the problem persists, remove the account and add it again using Method 3.
Outlook Fails to Connect with Error 0x800CCC0E After Registry Edit
This error means Outlook cannot communicate with the mail server. The most common cause is incorrect server names or port numbers. Verify your IMAP and SMTP server settings with your email provider. For Microsoft 365, the IMAP server is outlook.office365.com on port 993 with TLS, and the SMTP server is smtp.office365.com on port 587 with TLS. Ensure the EnableOAuth value is set to 1, not 0.
Basic Authentication vs Modern Authentication for IMAP
| Item | Basic Authentication | Modern Authentication (OAuth 2.0) |
|---|---|---|
| Security | Password stored in Outlook; no multi-factor support | Token-based with multi-factor authentication support |
| Password changes | Requires updating password in Outlook | Token refreshes automatically; no password update needed |
| Provider support | All IMAP providers support it | Only providers that implement OAuth 2.0 for IMAP |
| Setup complexity | Simple username and password | May require registry edits or profile recreation |
| Outlook compatibility | All Outlook versions | Outlook 2016, 2019, and Microsoft 365 (version 1905 or newer) |
Modern Authentication is the recommended method for IMAP accounts in Outlook Desktop when your provider supports it. It removes the need to manage passwords inside Outlook and allows your organization to enforce security policies like multi-factor authentication. If you manage multiple accounts, consider switching all supported IMAP accounts to OAuth 2.0 using the registry method to batch apply the change.