What is Modern Authentication in Microsoft 365?
You should get used to something new. You will hear the term Modern a lot in the future from Microsoft, especially when it comes to Microsoft 365 and all its related services, features, and apps. The word Modern is one of those buzzwords that was probably introduced around 2016, probably by Microsoft marketing. It sounds cool, flashy, and relevant. However, it seems like the emphasis of this term will be much more obvious in the 2019 versions of Microsoft products. Modern will be used in the products, all the documentation, in the features, in marketing and advertising…..just about everywhere. Some examples that you may have already noticed in SharePoint are:
- Modern Experience in SharePoint:
“The SharePoint Online home page in Office 365 is a modern experience where you can easily find and access SharePoint sites within your organization.” - Modern Team Site:
“”Modern” team sites are responsive by design and are much faster to create and use from an end user perspective.” - Modern Communication Site:
“A “modern” communication site is a place where you can share news, showcase a story, or broadcast a message.” - Modern Lists and Libraries:
” SharePoint Online team released “modern” document lists and libraries, which bring a better user experience that is faster, more intuitive, and responsive.” - Modern Site Pages:
“Modern team site pages are fast, easy to author, and support rich multimedia content.”
There’s even a new term in Microsoft Exchange for a method of identity management called Hybrid Modern Authentication (HMA). So now you know what I am talking about. By the way, I am not saying that there’s anything wrong with this usage. Not at all. I am only pointing out the fact that you should get used to everything being modern for a while…..and having some fun, of course.
In this article, I want to explain what Modern Authentication is in Microsoft 365 (formerly known as Office 365) and then show you how to enable or disable it in Exchange Online.
Modern Authentication in Microsoft 365
So what exactly is Modern Authentication? The Modern Authentication in Microsoft 365 is based on ADAL (Active Directory Authentication Library) and OAuth 2.0 and supports some of the newer features that are available in Microsoft 365. These security features provide enhanced authentication to users. Examples include:
- Multi-factor Authentication (MFA) using smart cards
- Certificate-based Authentication (CBA)
- Third-party SAML identity providers
According to Microsoft, by default Exchange Online, SharePoint Online, and Skype for Business Online automatically use Modern Authentication. There may be situations when an organization may want to disable Modern Authentication in Exchange Online. For example, during a migration it may cause issues or you may have applications that don’t support MFA. Another reason could be that you have older Exchange clients that don’t support MFA or CBA. The drawback to disabling Modern Authentication is that Exchange clients will then use Basic Authentication to access Exchange mailboxes. Basic Authentication is not secure because the user credentials are sent in clear text and can be stolen. For more more information on Basic Authentication visit HTTP Authentication Methods in Windows. You may also be interested in a related Microsoft article on Modern Authentication called How modern authentication works for Office 2013 and Office 2016 client apps.
Enabling or Disabling Modern Authentication for Office 2013
If you want to enable Modern Authentication for Office 2013 on Windows devices, you can enable two registry keys on these devices. Set the REG_DWORD to 1 at these two locations:
- HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\EnableADAL
- HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\Version
To disable Modern Authentication, set the REG_DWORD key to 0 at HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\EnableADAL. By the way, the 15.0 in the registry hive refers to Office 2013. Once enabled, Office 2013 clients will be able to use the features supported by Microsoft Authentication (MFA, CBA, etc.).
Enabling or Disabling Modern Authentication in Exchange Online
If you want to enable or disable Modern Authentication in Exchange Online, use the following PowerShell commands. You need to first connect to the Exchange Online PowerShell before using the following commands. If you are not sure how, check out Microsoft’s article Connect to Exchange Online PowerShell.
- To enable Modern Authentication use:
Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
- To disable Modern Authentication use:
Set-OrganizationConfig -OAuth2ClientProfileEnabled $false
- To verify that the change you just made took place:
Get-OrganizationConfig | Format-Table -Auto Name,OAuth*
| Thanks for reading my article. If you are interested in IT training & consulting services, please reach out to me. Visit ZubairAlexander.com for information on my professional background. |
Copyright © 2018 SeattlePro Enterprises, LLC. All rights reserved.
Thank you, very informative!