Configuring Office 365 Modern Authentication

Introduction

Modern authentication in Office 365 leverage Active Directory Authentication Library (ADAL)-based sign-in to Office client apps. Modern Authentication allows administrators to enable features such as Multi-Factor Authentication (MFA), SAML-based third-party Identity Providers with Office client applications, smart card and certificate-based authentication, and it removes the need for Outlook to use the basic authentication protocol.

Why we need Modern Authentication?

Office 365 Multi-Factor Authentication (MFA) enables you to configure additional layer of security for user sign-in process to ensure data protection and minimize the security risk. Users who are enabled for multi-factor authentication are required to configure App Password in order to use Office desktop applications, including Outlook, Skype for Business, Word, Excel, PowerPoint and OneDrive for Business. An App Password is a 16-character randomly generated password that can be used with an Office client application as a way of increasing security in lieu of the second authentication factor. App passwords are randomly generated and its hard for end users to memorize these passwords. Modern Authentication in Office 365 help desktop applications to user ADAL based authentication and eliminate the need to memorize app password.

Modern Authentication requires minimum of Office 2013 client (15.0.4753.1001) installed on workstations

By default, Office 2016 client apps are enabled for modern authentication and do not require any additional configuration on client side. For Office 2013 client apps, we need to have a registry keys set up on end user operating system to enable support for modern authentication.To enable modern authentication support for Windows workstation running Office 2013 client apps, following registry keys are required.

Configuring Office 365 Modern Authentication

Configuring Modern Authentication for Office Apps

Modern authentication in Office 365 is enabled per user basis for workloads in Office 365. By default, modern authentication is enabled for SharePoint online and you do not have to configure anything in SharePoint online to enable modern authentication.

Configuring Exchange Online for Modern Authentication

Follow the steps to configure Exchange online for Modern authentication in Office 365.

Get-OrganizationConfig | ft OAuth*

Configuring Office 365 Modern Authentication

  • To enable the modern authentication for Exchange online, run the following cmdlet

Set-OrganizationConfig -OAuth2ClientProfileEnabled $True

Configuring Office 365 Modern Authentication

  • To verify that the Modern Authentication is enabled for Exchange online, Re-run the Get-OrganizationConfig cmdlet

Configuring Office 365 Modern Authentication

Configuring Skype for Business Online for Modern Authentication

Follow the steps to configure Modern Authentication for Skype for Business online in Office 365.

Get-CsOAuthConfiguration

  • To enable modern authentication for Skype for Business online, run the following cmdlet

Set-CsOAuthConfiguration -ClientAdalAuthOverride Allowed

Configuring Office 365 Modern AuthenticationOnce the Modern authentication is enabled for Office 365 workloads and client side is updated as well with registry key for Office 2013 clients, app password requirement will be eliminated. MFA enabled users will get the same experience during the authentication process that other user have who do not have MFA enabled on their account.

 

Exchange Online Advanced Threat Protection

Exchange Online Advanced Threat Protection

Exchange Online Advanced Threat Protection

In the modern era, we have seen a steady increase in data security specially the email security against spammer. Spammers are constantly changing the way they send and mask spam/viruses. Microsoft is continuously working to protect their customers against modern era techniques so that customer can enjoy the best in class services. With that being said, On 8-April Microsoft has announced the new advanced robust optional feature to protect against Spam, viruses and malware with Exchange Online Protection. Yes ! I’m talking about new Exchange Online Advanced Threat Protection and I’m excited to deep dive into ATP. Currently ATP is available in private preview only and is expected to be available to commercial customers as optional service by this summer.

ATP will have the following advanced features as optional service.

  1. Protection against unknown malware & Viruses
  2. Real time protection against malicious URLs
  3. URL trace & Rich Reporting

ATP will be available at $2 per user per month for commercial customers and $1.75 for government pricing customers as optional feature.

More details on ATP can be found on Office Blog.