Fix Error CAA2000B when signing into Outlook

Users complain that they can’t sign into the Outlook app, and an error appears: Error CAA2000B. However, signing into Outlook on the web works fine. So, what is happening, and what is the solution to this problem? In this article, you will learn how to fix the error CAA2000B when signing into Outlook.

How to fix Error CAA2000B when signing into Outlook

To fix the Outlook sign-in error CAA2000B using the Microsoft Entra admin center, follow these steps:

1. Sign into Microsoft Entra admin center
2. Navigate to Identity > Applications > Enterprise applications
3. Select All applications
4. Click on the X to clear all the filters

5. Click on Add filters
6. Select Filters – Application ID
7. Select Operator – starts with
8. Select Application ID – 40775b29-2688-46b6-a3b5-b256bd04df9f
9. Click Apply

10. Select the application Microsoft Information Protection API

11. Select Properties
12. Turn on Enabled for users to sign-in
13. Click Save

14. Wait for 5 minutes for the change to propagate
15. Test it out for a single user. They must restart Outlook, and they might fill in their credentials again. Once everything works, you can tell all the users to restart Outlook and sign in.

How to fix Error CAA2000B when signing into Outlook using PowerShell

To fix the Outlook sign-in error CAA2000B using PowerShell, follow these steps:

1. Run Windows PowerShell as administrator
2. Install the Microsoft Graph PowerShell module

Install-Module Microsoft.Graph -Force

3. Connect to Microsoft Graph PowerShell using the scopes below

Connect-MgGraph -Scopes "Application.ReadWrite.All"

4. Run the Update-MgServicePrincipalbyAppId cmdlet to enable the application for users to sign-in

Update-MgServicePrincipalByAppId -AppId "40775b29-2688-46b6-a3b5-b256bd04df9f" -AccountEnabled:$true

5. Get AppID account enabled status

Get-MgServicePrincipal -Filter "appId eq '40775b29-2688-46b6-a3b5-b256bd04df9f'" | Select-Object AppId, DisplayName, AccountEnabled

The output shows the AccountEnabled property as True.

AppId                                DisplayName                          AccountEnabled
-----                                -----------                          --------------
40775b29-2688-46b6-a3b5-b256bd04df9f Microsoft Information Protection API           True

6. Wait for 5 minutes for the change to propagate
7. Test it out for a single user. They must restart Outlook, and they might fill in their credentials again. Once everything works, you can tell all the users to restart Outlook and sign in.

That’s it!

Read more: Outlook needs password after Hybrid Modern Authentication implementation »

Conclusion

You learned how to fix Error CAA2000B when signing into Outlook. First, find the application ID from the Outlook error. After that, sign in to the Microsoft Entra admin center and search for that application ID. Lastly, ensure that you enable it for users to sign in.

Did you enjoy this article? You may also like Export Entra ID app registrations Certificates and Secrets expiry report. Don’t forget to follow us and share this article.