Thursday, 4 August 2016

Configuring Modern Authentication for Exchange Online and Skype for Business Online

Modern Authentication for Office 365 is based on the Active Directory Authentication Library (ADAL), which allows Office 2013 (not enabled by default) and Office 2016 (enabled by default) to use modern authentication instead of basic Windows authentication. Modern Authentication provides additional support for SAML and Multi-Factor Authentication (MFA). Currently, with Office 2013 and Outlook, if MFA is enabled for a user, App Passwords are required to allow access to the desktop Office applications, as they use Basic authentication.
What are Azure App Passwords?
Modern Authentication in Office 365, which was released from preview in March 2015, removes this constraint. If it is enabled, users no longer have to maintain App Passwords in order to use the Office ProPlus desktop applications.
By default Modern Authentication is enabled for SharePoint Online, Exchange and Skype for Business.  
Modern Authentication (default settings update Nov 2017)
· Exchange Online - On
· SharePoint Online - On
· Skype for Business Online - On
Both Office 2013 and Office 2016 support Modern Authentication. Office 2013 does not have it enabled by default; it must be enabled by making a Registry edit.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Common\Identity\EnableADAL = Value 1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Common\Identity\Version = Value 1
In Office 2016 this is enabled by default.
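The Office 2013 registry edit above can be audited and applied per user with a short script. This is an added example, not code from the original post; the function name Set-Office2013ModernAuth and its -AuditOnly switch are hypothetical, and it assumes both values are written as REG_DWORD, which the post does not state explicitly.

```powershell
# Added example: audit and optionally set the Office 2013 modern authentication
# registry values for the current user. The function name is hypothetical.
function Set-Office2013ModernAuth {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Report only; make no changes.
        [switch]$AuditOnly
    )

    $path   = 'HKCU:\SOFTWARE\Microsoft\Office\15.0\Common\Identity'
    $wanted = [ordered]@{ EnableADAL = 1; Version = 1 }   # names and values from the article

    foreach ($name in $wanted.Keys) {
        # Read the current value; $null when the key or the value does not exist.
        $current = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
        $ok      = ($null -ne $current) -and ($current -eq $wanted[$name])

        if (-not $ok -and -not $AuditOnly -and
            $PSCmdlet.ShouldProcess("$path\$name", "Set DWORD to $($wanted[$name])")) {
            if (-not (Test-Path -Path $path)) {
                New-Item -Path $path -Force | Out-Null   # create the Identity key if absent
            }
            # -Force overwrites an existing value, including one of the wrong type.
            # REG_DWORD is an assumption of this example.
            New-ItemProperty -Path $path -Name $name -PropertyType DWord `
                -Value $wanted[$name] -Force | Out-Null
            $current = (Get-ItemProperty -Path $path -Name $name).$name
            $ok      = $current -eq $wanted[$name]
        }

        # One result row per value, suitable for logging or Export-Csv.
        [pscustomobject]@{
            Name      = $name
            Value     = $current
            Compliant = $ok
        }
    }
}

# Report the current state without changing anything.
Set-Office2013ModernAuth -AuditOnly
```

Run it without -AuditOnly to apply the values, or add -WhatIf to preview the writes first. Because the key lives under HKEY_CURRENT_USER, it has to run in each user's context.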
PowerShell Sessions
To run these commands successfully, you must first create PowerShell connections to each of the services; for assistance with this, review this blog post.
Exchange Online
Get-OrganizationConfig

Set-OrganizationConfig -OAuth2ClientProfileEnabled:$true
Skype for Business Online
Get-CsOAuthConfiguration

Set-CsOAuthConfiguration -ClientAdalAuthOverride Allowed