Office 365: Enable Modern Authentication
Modern Authentication
Introduction:
Modern authentication in Exchange Online enables authentication features like multifactor authentication (MFA), smart cards, certificate-based authentication (CBA), and third party SAML identity providers. Modern authentication is based on the Active Directory Authentication Library (ADAL) and OAuth 2.0. it removes the need for Outlook to use the basic authentication protocol.
Why we need Modern Authentication?
• Office 365 MFA enables you to configure an additional layer of security for the user sign in process to ensure data protection and minimize the security risk
• Modern Authentication in Office 365 help desktop applications to user ADAL-based authentication and eliminate the need to memorize app password.
Advantages
• When you enable modern authentication in Exchange Online, Windows-based Outlook clients that support modern authentication (Outlook 2013 or later) use modern authentication to connect to Exchange Online mailboxes automatically.
• When you disable modern authentication in Exchange Online, Windows-based Outlook clients that support modern authentication use basic authentication to connect to Exchange Online mailboxes
• By default, Exchange Online, Skype for Business Online, SharePoint Online, and Office2016 client apps are enabled for modern authentication and do not require any additional configuration on the client-side.
Issues
• Modern Authentication requires a minimum of Office 2013 client version15.0.4753.1001 installed on an end-user machine
• When you enable modern authentication in Exchange Online, Windows-based Outlook clients that support modern authentication will be prompted to log in again.
• A user with multiple accounts configured in their Outlook profile might receive an error when they try to connect to their mailbox.
Multi-Factor Authentication along with Modern Authentication will NOT work with
Androids built-in mail app. They will need to install Outlook app on their Androids if they
want to access their corporate emails. And OS X built-in mail app will not work either.
They would use Office for Mac 2016 and up. PCs are given to users with everything pre-configured, they have no need for the
password. Hence if 365 is turned on to modern authentication and everyone needs to
reauthenticate, it is going to cause lots of running around.
No effect
• Enabling or disabling modern authentication in Exchange Online as described in this
topic does not affect other email clients that support modern authentication (for
example, Outlook Mobile, Outlook for Mac 2016, and Exchange ActiveSync in iOS 11 or
later). These other email clients always use modern authentication to log in to Exchange
Online mailboxes.
• Enabling or disabling modern authentication has no effect on IMAP or POP3 clients.
However, if you've enabled security defaults in your organization, POP3 and IMAP4 are
already disabled in Exchange Online.
Configuring Modern Authentication for Office 365
• Portal.office.com
• Org setting
• Services
• Modern authentication
You can enable disable some of protocol
Configuring Modern Authentication for Office Apps
Modern authentication in Office 365 is enabled per user basis for workloads in Office 365. By
default, modern authentication is enabled for SharePoint online and you do not have to
configure anything in SharePoint online to enable modern authentication.
Configuring Exchange Online for Modern Authentication
Follow the steps to configure Exchange online for Modern authentication in Office 365.
• Connect Exchange Online using PowerShell
• Run the following cmdlet to verify the Modern Authentication status:
Get-OrganizationConfig | ft. OAuth*
• To enable the modern authentication for Exchange online, run the following cmdlet:
Set-OrganizationConfig -OAuth2ClientProfileEnabled $True
• To verify that the Modern Authentication is enabled for Exchange online, re-run the
Get-OrganizationConfig cmdlet: