Configuring Modern Authentication

January 12, 2021 | by iaur | posted as Adminstration, Microsoft 365

Enable\Disable Modern Authentication for Office 365 Services

A.     Teams, Office Apps, and SharePoint Online is enabled with Modern Authentication by default

https://social.technet.microsoft.com/wiki/contents/articles/36101.office-365-enable-modern-authentication.aspx

https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-block-legacy-authentication#moving-away-from-legacy-authentication

B.      Exchange Online

1.      Connect Exchange Online using PowerShell

2.      Run the following cmdlet to verify the Modern Authentication status:

Get-OrganizationConfig | ft OAuth*

3.      To enable the modern authentication for Exchange online, run the following cmdlet:

Set-OrganizationConfig -OAuth2ClientProfileEnabled $True
C.      Skype for Business

1.      Connect with Skype for Business online using PowerShell 

2.      Run the cmdlet to check the status of Modern Authentication status for Skype for Business online:

Get-CsOAuthConfiguration

3.      To enable modern authentication for Skype for Business online, run the following cmdlet:

Set-CsOAuthConfiguration -ClientAdalAuthOverride Allowed

Verify Authentication Prompt Type

A.     Basic Authentication

onr ct 一 to 
Password

B.      Modern Authentication

Microsoft 
Sign in 
EmaiL Skype 
NO ECOuM? Create 
Cm•t

Troubleshooting Modern Authentication Issues for Office Clients

Outlook is not accepting password

Outlook keeps asking for password

Office apps keeps asking for credentials

If EXO Modern Auth is False, Account is MFA Enabled, Basic UI

A.     Create an App Password

B.      Use it as the Password

If EXO Modern Auth is True, Account is MFA Enabled, Basic UI

Go to: HKEY_CURRENT_USER\Software\Microsoft\Office\1x.0\Common\Identity

Add DWORD:

DisableADALatopWAMOverride= 0

EnableADAL= 1

If EXO Modern Auth is True, Account is MFA Disabled, Modern UI

Go to: HKEY_CURRENT_USER\Software\Microsoft\Office\1x.0\Common\Identity

Add DWORD:

DisableADALatopWAMOverride= 1

EnableADAL= 0

Alternately

In Windows 8, press the Windows key, type Run, and then press Enter.

In Windows 7, click Start, point to All Programs, click Accessories, and then click Run.

In the Run dialog box, type the following switch and hit enter key.

reg.exe add HKEY_CURRENT_USER\Software\Microsoft\Office\1x.0\Common\Identity /v DisableADALatopWAMOverride /t REG_DWORD /d 1 /f

reg.exe add HKEY_CURRENT_USER\Software\Microsoft\Office\1x.0\Common\Identity /v EnableADAL /t REG_DWORD /d 0 /f

Note:

The 1x.0 placeholder represents your version of Office (16.0 = Office 2016, 15.0 = Office 2013, 14.0 = Office 2010)

0 = Disabled

1 = Enabled

Reference:

DisableADALatopWAMOverride = disable the web accounts manager in Windows 10

https://social.technet.microsoft.com/Forums/en-US/32f705e9-b1eb-4e89-aba3-8d5561853a12/exchange-online-outlook-2016-password-loop?forum=outlook

EnableADAL = enable modern authentication for the Office client installed on the machine

Reference

https://docs.microsoft.com/en-us/office365/admin/security-and-compliance/enable-modern-authentication?view=o365-worldwide

https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/enable-or-disable-modern-authentication-in-exchange-online