Modern Authentication

Even though SSO or ADFS is used within Office 365 initially both Outlook and Skype clients will prompt for credentials providing a not-so seamless environment.

If enabled, Modern Authentication will make this seamless for Office 2013 and Office 2016. Office 2013 will require a registry which can be deployed via GPO.

HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\EnableADAL REG_DWORD 1
HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\Version REG_DWORD 1

Using PowerShell to check

$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session
Get-OrganizationConfig | select *OAuth*

To change

Set-OrganizationConfig -OAuth2ClientProfileEnabled:$true

Similarly for Skype for Business

$UserCredential = Get-Credential
$session = New-CsOnlineSession -Credential $credential -Verbose
Import-PSSession $session
Get-CsOAuthConfiguration | select *Adal*

To change

Set-CsOAuthConfiguration -ClientAdalAuthOverride Allowed

https://support.office.com/en-gb/article/How-modern-authentication-works-for-Office-2013-and-Office-2016-client-apps-e4c45989-4b1a-462e-a81b-2a13191cf517

https://www.thecloudjournal.net/2016/10/enable-office-365-modern-authentication/

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s