Forum Discussion

Iron Contributor

Nov 24, 2019

ADFS 2016, Exchange Online, Office 365.

Hey Guys, Trying to understand something here. I have ADFS 2016 installed on-prem and am able to to correctly authenticate to it, when using my phone and when using OWA. However, what about...

MVP

Nov 25, 2019

Outlook 2016 and above supports Modern authentication by default, meaning it can use the same auth mechanisms as the browser client. However, MA needs to be enabled both client side and server side. The easiest way to tell is to simply look at the login prompt you are getting. Or if you want to check on the AD FS server side, the audit logs should show calls to the /adfs/ls endpoint.

Robert Bollinger
Iron Contributor
Nov 26, 2019
VasilMichev

Thanks for the response. I don't think I asked the question right. Everything is working fine, however what I wanted to know was why I was able to authenticate successfully using outlook when the ADFS server was not accessible via the internet. I can also add a new account as well, and still Auth again when my ADFS server is inaccessible.

I have PTA auth enabled in the tenant as well, I cant figure out how to disable it, even though i turned it off via Ad Connect.

Thanks,

Robert
- VasilMichev
  MVP
  Nov 26, 2019
  As long as you have a valid refresh token, the local AD FS server plays no role. Only when the token expires the client will be redirected to the AD FS server.