Exchange Online & Skype for Business Multi Factor Authentication

Modern authentication in Office 365 enables authentication features like multi-factor authentication (MFA) using smart cards, certificate-based authentication (CBA), and third-party SAML identity providers. Modern authentication is based on the Active Directory Authentication Library (ADAL) and OAuth 2.0.

When you enable modern authentication in Exchange Online, Outlook 2016 and Outlook 2013 (version 15.0.4753 or later, with a required registry setting) use modern authentication to log in to Office 365 mailboxes.

When you disable modern authentication in Exchange Online, Outlook 2016 and Outlook 2013 use basic authentication to log in to Office 365 mailboxes. They don’t use modern authentication.

Run this command to enable modern authentication in Exchange Online:

  • Connect Exchange Online with Power Shell
  • Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
  • Get-OrganizationConfig | Format-Table -Auto Name,OAuth*

Revert Back the settings :

  • Set-OrganizationConfig -OAuth2ClientProfileEnabled $false

Run this command to enable modern authentication in Skype for Business:

  • $cssession = New-CsOnlineSession –Credential $O365cred –OverrideAdminDomain
  • Import-PSSession $cssession
  • Set-CsOAuthConfiguration -ClientAdalAuthOverride Allowed
  • Get-CsOAuthConfiguration

Revert Back the settings :

  • Set-CsOAuthConfiguration -ClientAdalAuthOverride disallowed