Forum Discussion
Risks when enabling ADAL for Exchange Online and Skype
I'm considering enabling ADAL/Oauth for our Office 365 tenant to begin working with MFA, and am using the information in this wiki:
https://social.technet.microsoft.com/wiki/contents/articles/36101.office-365-enable-modern-authentication.aspx
It seems relatively trivial to enable this, but I have some reservations about making the change. Does anyone know of risks involved, or any differences that users who don't have MFA enabled might see? Will the current sign in workflow still look the same for everyone? We use the web applications, Office 2016, and iOS and Android applications for access.
Thanks!
You are simply enabling another auth provider, it is not directly tied to MFA. As long as the client supports ADAL/Modern auth, it will follow the new auth process (with or without MFA), and if it does not support it, it will use the legacy method. Apart from some of the PowerShell modules and sme 3rd party apps, all apps should have proper support for Modern auth now.
53 Replies
Hi Matt,
It's not risky at all. At my experience it's simple as you mention.
I didn't experience any issues when enabling OAuth in my tenancy - apart from not being able to log in to my account when on a different users PC, which is to be expected.
The rollback is easy enough, though be sure to communicate the change to your users.
- Is that because you have MFA enabled? We don't have this enabled yet, except for a few test users. Don you believe that if I make these changes that no one will notice a difference in sign in process?
You are simply enabling another auth provider, it is not directly tied to MFA. As long as the client supports ADAL/Modern auth, it will follow the new auth process (with or without MFA), and if it does not support it, it will use the legacy method. Apart from some of the PowerShell modules and sme 3rd party apps, all apps should have proper support for Modern auth now.
