Forum Discussion
Solved
Risks when enabling ADAL for Exchange Online and Skype
I'm considering enabling ADAL/Oauth for our Office 365 tenant to begin working with MFA, and am using the information in this wiki: https://social.technet.microsoft.com/wiki/contents/articles/36101....
You are simply enabling another auth provider, it is not directly tied to MFA. As long as the client supports ADAL/Modern auth, it will follow the new auth process (with or without MFA), and if it does not support it, it will use the legacy method. Apart from some of the PowerShell modules and sme 3rd party apps, all apps should have proper support for Modern auth now.
Any articles that discuss app passwords are old and out of date by at least a few years. App passwords matter only when on Outlook 2010 (generally speaking) and older PowerShell modules.
Instead turn on SSO and Modern Authentication and then the user will automatically sign in (if domain joined on the Lan).
Instead turn on SSO and Modern Authentication and then the user will automatically sign in (if domain joined on the Lan).
Brian,
Thanks for the help and advice.
Again, I wish that the Microsoft articles were clear on this issue. If I knew this six months ago, we would not be in this current bad situation.
- Joining this topic very late but after hitting an immediate problem with modern authentication in Office 2016 semi-annual (v1803), I wouldn't agree that turning on modern authentication is safe! I've just done a trial this evening after getting permission from the account and the test users immediately his the fault discussed here:
https://techcommunity.microsoft.com/t5/Azure-Active-Directory/Azure-AD-W10-and-Outlook/td-p/96119
This fault/issue is fixed in the current targeted semi-annual release (v1808) but occurs in the current semi-annual release (v1803 - which most Office 365 users are on). This version was released in July this year so the issue has only been recently fixed. It'll be fixed in the next semi-annual release in January so not that long to wait.
