Fix the set_pback_cookie Issue During OWA Login in Office 365

Read time 4 minutes

Microsoft Outlook Web Apps is the web-based counterpart of MS Outlook, granting users access to Office 365 from different devices. This online platform is accessible via web browsers, using the same credentials as their Office 365 (now Microsoft 365) accounts. Notably, it allows users to effortlessly add Office 365 shared mailboxes while maintaining unified credentials.

Furthermore, establishing your Exchange Online account in Outlook Web Access (OWA) is crucial for business continuity. To prevent potential data loss, it’s advisable to export Office 365 mailboxes to PST. Occasionally, users encounter a login issue with the “set_pback” cookie, an authentication warning in OWA that can impede account access.

The “PBack” session cookie should be automatically generated by OWA upon a successful login. Its absence can lead to login failures. Therefore, it’s advisable to enable cookies manually in your web browser before attempting to log in to your OWA account.
Here is how you can enable cookies manually in different web browsers:

In Mozilla Firefox

1. In Mozilla Firefox, click three horizontal lines to open the menu and then choose Options.
2. Go to the Privacy tab; inside the History tab, choose ‘Use custom settings for history.’
3. Click the checkbox to select ‘Accept cookies from sites.’ Also, change the ‘Accept third-party cookies’ option to Always.
4. Click OK.

1. In Windows Edge, click three dots (More), click Settings, and View Advanced Settings.
2. Go to cookies and choose the option Don’t block cookies.

1. In Google Chrome menu, click Settings>>Show advanced settings. Go to the Privacy tab and go to Content Settings.
2. There is a cookies option in Content Settings; choose ‘Allow local data to be set (recommended).’
3. Click Done.

1. On your Mac computer, open Safari, then choose Preferences>>Privacy.
2. Allow the option to ‘Cookies and website data.’ Click Close and restart the browser.

1. In Internet Explorer, click Tools, then choose Internet Options>>Privacy>>Advanced.
2. Choose Accept under First-party cookies and click Access under third-party cookies.
3. Choose OK.

If you’ve already enabled cookies in your web browser and are still unable to log in to Office 365, it’s possible that a more significant authentication issue exists within the Exchange Online server. In such cases, consider the following steps:

Open Internet Service Manager and right-click on the OWA website. Choose its Properties.

1. Go to the Directory Security tab under Outlook Web App main site’s property wizard.
2. Click Edit to ‘Anonymous Access and Authentication Control’ option.
3. In the authentication method dialog box, check if Anonymous Access is not checked.
4. In the authentication access section, verify that the Basic Authentication option is selected.
5. Click the Edit button and make sure that the Connect authentication domain is selected.

Click OK, then close all the opened wizards. Then, log in to OWA with the help of saved settings.
There are some useful methods to protect your Exchange Online account from unauthorized access or DOS attacks that you should always use.

1. Use strong passwords to protect your accounts. The Exchange Administrator can set the terms and conditions to secure the password. Some strong tactics are account lockout after 5 wrong attempts, triggering a wait time to log in after 30 minutes and reset account lock after 60 minutes.
2. You can enable CAPTCHA to strengthen the login process. The user will need to fill the CAPTCHA after providing the login details.
3. Use the multi-factor login methods. It requires a mobile phone number and an additional step before entering the account. After providing the login details, the user will get an SMS or a call with a password. After inputting the password, the account will allow to log in.
4. Block the user using geo-blocking based on their locations. Often, the attacks happen from various countries, and hackers use VPN to mask their identity. If you know your user base and their location, then you can use the geo-blocking feature to block users from other countries.

Conclusion

While the cookie issue in OWA is noteworthy, there are more substantial challenges to consider. Safeguard your account by implementing the aforementioned security and authentication measures. For improved Office 365 management, rely on Kernel Export Office 365 to PST software. It ensures mailbox accessibility even when login is problematic. Unlike free methods to Office 365 Backup that store limited data, Kernel Export Office 365 to PST comprehensively covers primary, shared, and public folders.