Defaults
The Office 365 tenant/resource host (Exchange Online, SharePoint Online and Skype for Business Online) must be configured to accept modern authentication connections. Microsoft recommends that Exchange Online be enabled for modern authentication when enabling modern authentication for Skype for Business. Here is the per-service state of modern authentication by default for tenants created before August 1, 2017:
Skype for Business Online - OFF by default.
Exchange Online - OFF by default.
SharePoint Online - ON by default.
Note: As of August 1, 2017, for all newly created Office 365 tenants, use of modern authentication is now ON by default for Exchange Online and Skype for Business Online.
Because Skype for Business clients connect to both Skype for Business Online and Exchange Online, tenant level modern authentication settings should match for Exchange Online and Skype for Business Online.
Enable or Disable Modern Authentication
The Office 365 tenant/resource host (Exchange Online, SharePoint Online and Skype for Business Online) will need to be configured to accept modern authentication connections.
Skype for Business Online: Enable your tenant for modern authentication
Set-CsOAuthConfiguration -ClientAdalAuthOverride NoOverride
Exchange Online: Enable your tenant for modern authentication
Run this command to enable modern authentication in Exchange Online:
Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
Run this command to disable modern authentication in Exchange Online:
Set-OrganizationConfig -OAuth2ClientProfileEnabled $false
To verify that the change was successful, run this command:
Get-OrganizationConfig | Format-Table -Auto Name,OAuth*
Connect to Office 365 services with multi-factor authentication (MFA) and PowerShell
All of this information and the links are detailed in Joe Davis's TechNet post - https://goo.gl/HcJGeS
To connect to Office 365 services with MFA and PowerShell:
- For the Azure Active Directory (AD) tenant with the Windows Azure Active Directory Module (cmdlets have “Msol” in their name), see Connect to Office 365 PowerShell.
- For the Azure AD tenant with the Azure Active Directory V2 module (cmdlets have “AzureAD” in their name), see Connect with the Azure Active Directory V2 PowerShell module.
- For Exchange Online, see Connect to Exchange Online PowerShell using multi-factor authentication.
- For SharePoint Online, see Connect to SharePoint Online PowerShell.
- For Skype for Business Online, see Connect to Skype for Business Online.
- For the Security & Compliance Center, see Connect to Office 365 Security & Compliance Center PowerShell using multi-factor authentication.
Client Considerations
Office 2010 does not support ADAL. For Office 2013 client apps, registry keys must be set on the end user's operating system to enable support for modern authentication. To enable modern authentication support on a Windows workstation running Office 2013 client apps, the following registry keys are required.
| Registry Key | Type | Value |
|---|---|---|
| HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\EnableADAL | REG_DWORD | 1 |
| HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\Version | REG_DWORD | 1 |
How modern authentication works for Office 2013 and Office 2016 client apps - https://support.office.com/en-gb/article/How-modern-authentication-works-for-Office-2013-and-Office-2016-client-apps-e4c45989-4b1a-462e-a81b-2a13191cf517
Some client versions don't support OAuth. You can check your Office client version in Control Panel (Add or Remove Programs) and compare your version number to the versions (or ranges of versions) listed here:
- Office Client 15.0.[0000-4766].*
- Office Client 16.0.[0000-4293].*
- Office Client 16.0.6001.[0000-1032]
- Office Client 16.0.[6000-6224].*
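The two client checks above (the version ranges without OAuth support and the Office 2013 registry values) can be scripted. This PowerShell sketch is an added example, not code from the original post or from Microsoft; the function names and the sample version strings are constructed for illustration.

```powershell
# Added example: function names and sample versions are constructed, not from the post.
function Test-OfficeVersionSupportsOAuth {
    param([Parameter(Mandatory)][version]$Version)
    # Office 2010 (14.x) and older do not support ADAL.
    if ($Version.Major -lt 15) { return $false }
    # Ranges copied from the list above; Rev = $null means any revision (".*").
    $noOAuth = @(
        @{ Major = 15; Build = 0, 4766;    Rev = $null },
        @{ Major = 16; Build = 0, 4293;    Rev = $null },
        @{ Major = 16; Build = 6001, 6001; Rev = 0, 1032 },
        @{ Major = 16; Build = 6000, 6224; Rev = $null }
    )
    foreach ($r in $noOAuth) {
        if ($Version.Major -ne $r.Major -or $Version.Minor -ne 0) { continue }
        if ($Version.Build -lt $r.Build[0] -or $Version.Build -gt $r.Build[1]) { continue }
        if ($null -ne $r.Rev -and
            ($Version.Revision -lt $r.Rev[0] -or $Version.Revision -gt $r.Rev[1])) { continue }
        return $false   # version falls inside one of the listed ranges
    }
    return $true
}

function Test-Office2013AdalEnabled {
    # Both values from the table above must be REG_DWORD 1 for the current user.
    $key = 'HKCU:\SOFTWARE\Microsoft\Office\15.0\Common\Identity'
    $id  = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    return [bool]($id -and $id.EnableADAL -eq 1 -and $id.Version -eq 1)
}

# Constructed sample versions; substitute the version shown for your own install.
$samples = '14.0.7015.1000', '15.0.4569.1506', '15.0.4797.1003', '16.0.7369.2038'
foreach ($v in $samples) {
    $ver = [version]$v
    $ok  = Test-OfficeVersionSupportsOAuth -Version $ver
    $note = if (-not $ok) {
        'version does not support OAuth'
    } elseif ($ver.Major -eq 15 -and -not (Test-Office2013AdalEnabled)) {
        'version OK, but EnableADAL/Version registry values are not both set to 1'
    } else {
        'client side ready for modern authentication'
    }
    '{0,-16} {1}' -f $v, $note
}
```

The registry check reads the current user's hive, so run it in the context of the user whose Office 2013 profile is being verified.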
Enable MFA for Users
Learn how to set up multi-factor authentication (MFA) for Office 365 users. - https://support.office.com/en-us/article/Set-up-multi-factor-authentication-for-Office-365-users-8f0454b2-f51a-4d9c-bcde-2c48e41621c6?ui=en-US&rs=en-US&ad=US