Home

Questions about the impacts, implications if we enable Modern Authentication.

%3CLINGO-SUB%20id%3D%22lingo-sub-354754%22%20slang%3D%22en-US%22%3EQuestions%20about%20the%20impacts%2C%20implications%20if%20we%20enable%20Modern%20Authentication.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-354754%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Experts%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOne%20of%20our%20customer%20raised%20the%20below%20query%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20customer%20would%20like%20to%20update%20their%20tenant%20to%20enable%20modern%20authentication%20so%20that%20conditional%20access%20applies%20properly.%20They%E2%80%99ve%20searched%20various%20websites%20and%20have%20conflicting%20information%20on%20the%20side%20effects%20of%20running%20the%20command%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESet-OrganizationConfig%20-OAuth2ClientProfileEnabled%20%24true%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHowever%20the%20below%20link%20indicates%20that%20there%20may%20be%20some%20issues%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FIdentity-Authentication%2FRisks-when-enabling-ADAL-for-Exchange-Online-and-Skype%2Ftd-p%2F60756%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FIdentity-Authentication%2FRisks-when-enabling-ADAL-for-Exchange-Online-and-Skype%2Ftd-p%2F60756%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThey%E2%80%99d%20like%20to%20understand%20the%20repercussions%20of%20making%20this%20change%2C%20and%20can%20draft%20an%20appropriate%20change%20request%20for%20their%20customer.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20inputs%20would%20be%20of%20great%20help.%20Many%20thanks!!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-354754%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Eimplications%20if%20we%20enable%20Modern%20Authentication.%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EQuestions%20about%20the%20impacts%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-354808%22%20slang%3D%22en-US%22%3ERe%3A%20Questions%20about%20the%20impacts%2C%20implications%20if%20we%20enable%20Modern%20Authentication.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-354808%22%20slang%3D%22en-US%22%3E%3CP%3EMain%20impacts%20are%20Password%20prompts%20(Users%20will%20be%20prompted%20for%20creds%20once%20tokens%20expire).%20And%20that's%20about%20it%20TBH.%20Unless%20they%20are%20running%20old%20legacy%20office%20clients%20etc.%20there%20may%20be%20some%20issues%20around%20that%2C%20but%20it's%20one%20of%20those%20things%20where%20you%20aren't%20forcing%20modern%20auth%2C%20you're%20just%20allowing%20it%2C%20so%20impact%20is%20minimal.%20%3CBR%20%2F%3E%3CBR%20%2F%3EIt%20was%20only%20an%20issue%20with%20my%20org%20cause%20people%20forget%20their%20passwords%20cause%20they%20rely%20on%20Windows%20Hello%20for%20Business%20PIN's.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20want%20to%20say%20there%20was%20also%20an%20issue%20with%20the%20passwords%20not%20taking%20but%20I%20don't%20think%20it%20was%20related%20to%20this.%20If%20so%2C%20we%20had%20to%20basically%20try%20logging%20in%2C%20password%20wouldn't%20take%2C%20and%20then%20click%20on%20try%20logging%20in%20with%20a%20different%20account%2C%20manually%20type%20in%20e-mail%20and%20password%20and%20it%20would%20then%20take.%20This%20from%20what%20I%20remember%20happened%20on%20users%20that%20had%20synced%20domain%20accounts%20that%20had%20Azure%20AD%20Joined%20computers.%20Anyone%20with%20domain%20joined%20machines%20was%20fine.%3C%2FP%3E%3C%2FLINGO-BODY%3E
SB V
Contributor

Hi Experts,

 

One of our customer raised the below query:

 

The customer would like to update their tenant to enable modern authentication so that conditional access applies properly. They’ve searched various websites and have conflicting information on the side effects of running the command:

 

Set-OrganizationConfig -OAuth2ClientProfileEnabled $true

 

However the below link indicates that there may be some issues:

 

https://techcommunity.microsoft.com/t5/Identity-Authentication/Risks-when-enabling-ADAL-for-Exchange...

 

They’d like to understand the repercussions of making this change, and can draft an appropriate change request for their customer.

 

Any inputs would be of great help. Many thanks!!

1 Reply

Main impacts are Password prompts (Users will be prompted for creds once tokens expire). And that's about it TBH. Unless they are running old legacy office clients etc. there may be some issues around that, but it's one of those things where you aren't forcing modern auth, you're just allowing it, so impact is minimal.

It was only an issue with my org cause people forget their passwords cause they rely on Windows Hello for Business PIN's.

 

I want to say there was also an issue with the passwords not taking but I don't think it was related to this. If so, we had to basically try logging in, password wouldn't take, and then click on try logging in with a different account, manually type in e-mail and password and it would then take. This from what I remember happened on users that had synced domain accounts that had Azure AD Joined computers. Anyone with domain joined machines was fine.

Related Conversations
Extentions Synchronization
Deleted in Discussions on
3 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
36 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
9 Replies