Forum Discussion
Solved
Risks when enabling ADAL for Exchange Online and Skype
I'm considering enabling ADAL/Oauth for our Office 365 tenant to begin working with MFA, and am using the information in this wiki: https://social.technet.microsoft.com/wiki/contents/articles/36101....
You are simply enabling another auth provider, it is not directly tied to MFA. As long as the client supports ADAL/Modern auth, it will follow the new auth process (with or without MFA), and if it does not support it, it will use the legacy method. Apart from some of the PowerShell modules and sme 3rd party apps, all apps should have proper support for Modern auth now.
And Modern Auth is now being rolled out to all tenants apart from those using ADFS. See https://blogs.technet.microsoft.com/exchange/2019/04/01/exchange-online-modern-authentication-and-conditional-access-updates/ for this and the changes to expect.
Brian Reid But it still hasn't - and there isn't communication on whether it is 'done' or will 'be done'.
- I have checked :) and its not enabled, not for Exchange Online or Skype 4 Business
- You can check the setting in Skype for Business Online PowerShell to see if it has changed in your tenant. There is not often communication that a rollout has finished. And then if you are not using ADFS, just enable ADAL for Skype and then again for Exchange. If you have ADFS then you need to change any claims rules you have for Skype and Exchange. If you don't have claims rules then enable ADAL and consider moving to AzureAD SSO instead of ADFS