Forum Discussion
Skype for Business Mobile App + Smart Card Required
MA will not help in this case has the Skype Business Mobile app will still require to enter a username and password.
Unfortunatelly the mobile client doesnt support auth methods different from username/password, as Jean-Philippe Breton mentioned above.
The table in the link i pasted seems to indicate CBA is supported for SfB Mobile when using SfBO.
Also this link here shows the supported topologys for Modern Auth which includes CBA for SfBO in the first table - Cloud Only. This is probably the best link on Technet for understanding the technical nuances between each topology and whats available with each.
https://technet.microsoft.com/en-us/library/mt803262.aspx
Good point Shawn....Forgot about Cert based Auth..
I have deployed ADCS Cert Based Auth as a MFA option. However it still requires the mobile client to enter username and password first. It doesn't replace that.
I contacted Alex Simons yesterday from the IDAM PG to get some more clarity on the expected behavior in SfB when using CBA. My understanding of CBA was no username/password was required as CBA is Certificate Based Auth leveraging Oauth/ADAL. (at least that was my understanding when this feature was released and when i was initially researching CBA for SfB Mobile). If a u/p still has to be entered then thats hardly any different to the native NTLM/TLS-DSK support thats been part of SfB Mobile since Lync 2013, although NTLM/TLS-DSK is obviously not MFA. Admittedly the initial auth uses NTLM but subsequent auths use the cert issued from the provisioning service. CBA has been something customers have been asking for for a while. If its use is restricted just to MFA then in my opinion that kind of makes the feature redundant especially for enteprise customers who do not allow the use of credentials or NTLM over the internet.
I've been meaning to lab this for quite some time so i can observe the behavior. Sounds like that time is now MarkVale ! Sorry for hijacking your thread OP!
