There is a demand by our leadership that we enable MFA for the Outlook 2016 fat client. We already do this for OWA and ECP by redirecting to on-prem ADFS to our internal IDP.
1. We are 100% on prem. 0 hybrid. Yes there are plans, but during the scope of this demand.
2. I ensured that all my VDs are set up for Modern Auth. OAUTH is available.
3. Setting RPC does not allow for OAUTH???
4. I have validated the OAUTH cert: Get-ExchangeCertificate (Get-AuthConfig).CurrentCertificateThumbprint
5. I have configured Exchange Online: [PS] C:\Windows\system32>Get-PartnerApplication "Exchange Online" and Enabled is set to $TRUE
6. The organizationconfig for oauth2 is set to $TRUE
7. We are only going to allow 2016 and block older versions. ADAL support is on by default.
Questions:
1. When I set MFA for OWA and ECP there was an ADFS issuer that I pointed Exchange to. Where is this for MAPI?
2. How do I redirect authentication for MAPI?
3. I know in AAD and HYBRID scenarios this can be done. Can a 100% ON PREM accomplish this?