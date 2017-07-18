Enabling Azure AD and Office 365 features including multi-factor authentication and Conditional Access will impact your users because they’ll need to utilise App Passwords (one-time passwords used for authentication with legacy applications). Unfortunately, this will only serve to confuse users and result in calls to your service desk. Modern authentication is, of course, the way to improve user experience, but it’s not enabled by default.

Office applications prior to 2013 aren’t capable of modern authentication, but if you’re deploying Office 365 you’re likely deploying Office 365 ProPlus – 2013 or later. However, it’s not enough just to deploy a recent version of Office; modern authentication (or OAuth) needs to be enabled in your tenant. Microsoft has described how modern authentication works in Office 2013 and 2016 client applications. In that article we can see that modern authentication is:

Turned off for Exchange Online by default.

Turned on for SharePoint Online by default.

Turned off for Skype for Business Online by default.

Why this is, I’m not sure, but you’ll need to enable modern authentication for Exchange Online and Skype for Business for this feature to work on the client end.

Enabling Modern Authentication for Exchange Online

Full details for enabling modern authentication are available in this article for Exchange Online from Microsoft; however, here’s the short version. You’ll need to first install the Azure AD PowerShell module. Then connect to your Office 365 tenant and enable OAuth with Set-OrganizationConfig, via the following code:
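The script below is an added example, not the code from the original post. It checks the tenant's current setting, enables OAuth with Set-OrganizationConfig only if needed, and reads the value back to confirm. It assumes the ExchangeOnlineManagement module for the connection (a swap for the connection method the post used); the function name `Enable-ExoModernAuth` and the `-AdminUpn` parameter are hypothetical names chosen for this example.

```powershell
# Added example: enable modern authentication (OAuth) for Exchange Online.
# Assumptions: the ExchangeOnlineManagement module is installed
# (Install-Module ExchangeOnlineManagement) and the signed-in account is
# allowed to run Set-OrganizationConfig in the tenant.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Hypothetical parameter name: the admin account used to connect.
    [Parameter(Mandatory = $true)]
    [string] $AdminUpn
)

# Hypothetical helper: returns $true when modern authentication is enabled
# after the call, $false otherwise (for example when run with -WhatIf).
function Enable-ExoModernAuth {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    $org = Get-OrganizationConfig
    if ($org.OAuth2ClientProfileEnabled) {
        Write-Verbose "Modern authentication is already enabled for $($org.Name)."
        return $true
    }

    # Change the setting only when it is off; honours -WhatIf and -Confirm.
    if ($PSCmdlet.ShouldProcess($org.Name, 'Set OAuth2ClientProfileEnabled to $true')) {
        Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
    }

    # Read the value back rather than assuming the change was applied.
    return [bool](Get-OrganizationConfig).OAuth2ClientProfileEnabled
}

Import-Module ExchangeOnlineManagement -ErrorAction Stop
Connect-ExchangeOnline -UserPrincipalName $AdminUpn -ShowBanner:$false
try {
    if (Enable-ExoModernAuth) {
        Write-Output 'Modern authentication is enabled for Exchange Online.'
    }
    else {
        Write-Warning 'OAuth2ClientProfileEnabled is still $false; check permissions or rerun without -WhatIf.'
    }
    # Show the OAuth-related organization settings for the change record.
    Get-OrganizationConfig | Format-Table Name, OAuth* -AutoSize
}
finally {
    Disconnect-ExchangeOnline -Confirm:$false
}
```

Run it with `-WhatIf` first to see the current state without changing the tenant.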

