You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

In order for Office desktop clients, such as Outlook, Skype for Business, to support MFA via federated authentication, your Office 365 tenant needs to be configured to support modern authentication. 

Enable Exchange Online for modern authentication

  1. Connect to Exchange Online PowerShell as shown below

    1. On your local computer, open Windows PowerShell and run the following command.

      $UserCredential = Get-Credential

      In the Windows PowerShell Credential Request dialog box, type your work or school account and password, and then click OK.


    2. Run the following command.

      $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection


    3. Run the following command.

      Import-PSSession $Session

  2. Run the following command in Exchange Online PowerShell:

    Set-OrganizationConfig -OAuth2ClientProfileEnabled $true


  3. To verify that the change was successful, run the following command in Exchange Online PowerShell:

    Get-OrganizationConfig | Format-Table -Auto Name,OAuth*

Enable Skype for Business Online for modern authentication

  1. Connect to Skype for Business Online using remote PowerShell as shown below

    1. If you have not installed Skype for Business PowerShell Module, click the link to install it on your PC.

    2. Open Windows PowerShell as an administrator (use Run as administrator) on any machine which has Internet connection.

    3. Run the command below, and enter your Office 365 admin account credentials.

      $credential = Get-Credential

    4. Run the script below to import the Skype for Business PowerShell Module:

      Import-Module SkypeOnlineConnector


    5. Run the command below to create a new session

      $session = New-CsOnlineSession -Credential $credential -Verbose


    6. Finally, import the new session into the Windows PowerShell console. 

      Import-PSSession $session

  2. Run the following command to enable modern authentication:
    Set-CsOAuthConfiguration -ClientAdalAuthOverride Allowed

  3. Verify that the change was successful by running the following:
    Get-CsOAuthConfiguration


    Note: to disable modern authentication, run command: Set-CsOAuthConfiguration -ClientAdalAuthOverride NoOverride

However, not all Office desktop clients support modern authentication. Generally speaking, Office 2013 and later desktop clients (including Outlook and Skype for Business) support modern authentication. Check the link below for the list of Office clients that support modern authentication:

https://social.technet.microsoft.com/wiki/contents/articles/32211.modern-authentication-behavior-across-office-2013-and-office-2016.aspx

  • No labels