Forum Discussion

AndrewX's avatar
AndrewX
Iron Contributor
Apr 03, 2019

Modern Auth: Clear as mud

Hi, in a tenant where OAuth2ClientProfileEnabled is $false, is it possible for any client to be using modern authentication; or are all clients limited to basic authentication protocols only?

 

On iOS, when connecting a mailbox to the native mail app, with the aboveOAuth2ClientProfileEnabled $false configuration, i get a web based oauth sign in page.  This indicates to me that this is a "modern" auth flow even though OAuth2ClientProfileEnabled is set to false.

 

Please help me understand.

  • As mentioned in the documentation: https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/enable-or-disable-modern-authentication-in-exchange-online

     

    Spoiler
    • Enabling or disabling modern authentication in Exchange Online as described in this topic only affects modern authentication connections by Outlook 2013 or later clients.

    • Other email clients that support modern authentication (for example, Outlook Mobile, Outlook for Mac 2016, and Exchange ActiveSync in iOS 11 or later) always use modern authentication to log in to Exchange Online mailboxes, regardless of whether you enable or disable modern authentication for Outlook 2013 or later clients as described in this topic.

    And in case you've missed it: https://blogs.technet.microsoft.com/exchange/2019/04/01/exchange-online-modern-authentication-and-conditional-access-updates/

  • As mentioned in the documentation: https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/enable-or-disable-modern-authentication-in-exchange-online

     

    Spoiler
    • Enabling or disabling modern authentication in Exchange Online as described in this topic only affects modern authentication connections by Outlook 2013 or later clients.

    • Other email clients that support modern authentication (for example, Outlook Mobile, Outlook for Mac 2016, and Exchange ActiveSync in iOS 11 or later) always use modern authentication to log in to Exchange Online mailboxes, regardless of whether you enable or disable modern authentication for Outlook 2013 or later clients as described in this topic.

    And in case you've missed it: https://blogs.technet.microsoft.com/exchange/2019/04/01/exchange-online-modern-authentication-and-conditional-access-updates/

Resources