By default Modern Authentication or Multifactor Authentication is disabled for new users of Office 365. It’s very easy to enable the service on a user by user basis which allows them to begin using a secondary method of authentication whenever they want to use Office 365.

What is Modern Authentication?

Modern Authentication is really another way to say, Multi-Factor Authentication or Two-Way Authentication. It means that in order to login to a service or account, you will need to enter two different passcodes. The first is your own password that you create, and the second passcode is a randomly generated code or pin that is sent to you through a text message or authenticator application. This method of authentication is very, very secure and should be used as much as possible. You can read more about multi-factor authentication using this link: https://en.wikipedia.org/wiki/Multi-factor_authentication.

Enable Modern Authentication in Office 365

To enable Modern Authentication in Office 365 is a simple process for a Global Administrator to do. Follow the steps below.

  1. Login to https://portal.office.com.
  2. Select the Admin Center app.
  3. Select Users > Active Users.MFA1
  4. In the Office 365 admin center, click More > Setup azure multi-factor auth.
  5. Select the users you want to enable Modern Authentication on.MFA2
  6. On the right user info pane, under quick steps you’ll see Enable and Manage user settings. Choose Enable.
  7. In the dialog box that opens, click enable multi-factor auth.

Exchange and Skype Online

Now that MFA has been enabled for these users, they can use Office 365 with modern authentication enabled but Outlook and Skype for Business but will need an App Password.

Wait a minute, didn’t you say they can use Modern Authentication with Office 365 applications and services? Yes, I did. But first we have to enable Modern Authentication on those Exchange Online and Skype for Business. Follow these steps.

  1. Open PowerShell as an Administrator.
  2. Run this set of commands to connect to Exchange Online:
    • Set-ExecutionPolicy RemoteSigned (say Yes)
    • $UserCredential = Get-Credential (use your admin credentials)
    • $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
    • Import-PSSession $Session
  3. Now run this command to enable Modern Authentication for Exchange Online.
    • Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
  4. Now verify the change was successful by running this command:
    • Get-OrganizationConfig | Format-Table -Auto Name,OAuth*
  5. Now we need to enable Skype for Business Modern Authentication and in order to do so we need to install a few items.
  6. Download and install the Skype for Business Online, Windows PowerShell Module using this link.
  7. After it is installed, continue in PowerShell and run the following commands.
    • $credential = Get-Credential (use your admin credentials)
    • $session = New-CsOnlineSession -Credential $credential -Verbose
    • Import-PSSession $session
  8. Now run this command to enable Modern Authentication for Skype for Business.
    • Set-CsOAuthConfiguration -ClientAdalAuthOverride Allowed
  9. Now verify the change was successful by running this command:
    • Get-CsOAuthConfiguration

Congratulations! Now your organization can use Modern Authentication on all applications, including Outlook and Skype for Business. There is no need for an app password.

Let me know how this is working for your organization in the comments section.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s