SOLVED
Home

Questions on enabling Modern Authentication.

%3CLINGO-SUB%20id%3D%22lingo-sub-359707%22%20slang%3D%22en-US%22%3EQuestions%20on%20enabling%20Modern%20Authentication.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-359707%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Experts%2C%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOne%20of%20our%20customer%20raised%20the%20below%20query%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20they%20switch%20the%20tenant%20over%20to%20modern%20auth%20what%20happens%20with%3A%3CBR%20%2F%3E%E2%80%A2%20New%20apps%20that%20try%20modern%20auth%20first%3CBR%20%2F%3ETheir%20assumption%20is%20that%20these%20will%20just%20switch%20over%20to%20modern%20auth%20seamlessly%20(or%20invoke%20MFA%2C%20CA%2C%20etc)%3CBR%20%2F%3E%E2%80%A2%20Older%20apps%20that%20have%20modern%20auth%20%E2%80%98bolted%20on%E2%80%99%20(Office%202013%20with%20patches)%3CBR%20%2F%3EHoping%20that%20these%20will%20also%20fail%20over%20seamlessly%3CBR%20%2F%3E%E2%80%A2%20Even%20older%20apps%20that%20don%E2%80%99t%20know%20about%20modern%20auth%20(Office%202010)%3C%2FP%3E%3CP%3EThey%E2%80%99d%20hope%20everything%20fails%20back%20to%20basic%20auth%20but%20They're%20assuming%20it%20will%20stop%20working%3F%3C%2FP%3E%3CP%3EFinally%2C%20the%20effects%20of%20the%20change%20on%20Outlook%20behaviour%20are%20quite%20important.%20They%E2%80%99ve%20seen%20Outlook%20pop%20up%20asking%20for%20authentication%20and%20the%20user%20name%20had%20to%20be%20entered%20in%20a%20specific%20format%20to%20continue%20(AZUREAD%5CUser%40Principal.Name).%3C%2FP%3E%3CP%3EThey%20need%20to%20make%20this%20change%20on%20a%20few%20tenants%20and%20they're%20worried%20about%20the%20larger%20ones%20that%20have%20many%20versions%20of%20Office%20deployed%20in%20multiple%20scenarios.%20The%20more%20information%20they%20can%20get%20the%20better.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMany%20thanks%20in%20advance.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-359707%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EQuestions%20on%20enabling%20Modern%20Authentication.%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-359844%22%20slang%3D%22en-US%22%3ERe%3A%20Questions%20on%20enabling%20Modern%20Authentication.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-359844%22%20slang%3D%22en-US%22%3EIf%20device%20are%20domain%20joined%20with%20azure%20ad%20sync%20for%20the%20users%20setup%20the%20experience%20is%20seamless.%20If%20they%20are%20azure%20joined%20it%20gets%20more%20complicated%20and%20you%20will%20get%20the%20user%20prompt%20which%20is%20a%20pain%20point%20because%20you%20usually%20have%20to%20get%20it%20to%20error%20out%20to%20click%20the%20%E2%80%9Csign%20in%20with%20another%20account%E2%80%9D%20then%20use%20the%20same%20format%20to%20get%20it%20to%20take.%20For%20whatever%20reason%20just%20typing%20in%20the%20password%20with%20the%20existing%20login%20which%20is%20displayed%20correct%20doesn%E2%80%99t%20always%20work.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-359801%22%20slang%3D%22en-US%22%3ERe%3A%20Questions%20on%20enabling%20Modern%20Authentication.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-359801%22%20slang%3D%22en-US%22%3E%3CP%3EEnabling%20Modern%20auth%20does%20nothing%20with%20respect%20to%20other%20auth%20methods%2C%20so%20all%20clients%20will%20continue%20to%20work%20as%20before.%20The%20only%20difference%20being%20that%20any%20client%20capable%20of%20(and%20using)%20MA%20will%20show%20the%20new%20auth%20UI%2C%20or%20log%20in%20the%20user%20automatically%2C%20depending%20on%20the%20configuration%20of%20the%20tenant%2Fapps.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20AzureAD%5CUPN%20format%20is%20used%20with%20devices%20joined%20to%20Azure%20AD%2C%20which%20by%20itself%20is%20a%20different%20scenario.%3C%2FP%3E%3C%2FLINGO-BODY%3E
SB V
Contributor

Hi Experts, 

 

One of our customer raised the below query:

 

If they switch the tenant over to modern auth what happens with:
• New apps that try modern auth first
Their assumption is that these will just switch over to modern auth seamlessly (or invoke MFA, CA, etc)
• Older apps that have modern auth ‘bolted on’ (Office 2013 with patches)
Hoping that these will also fail over seamlessly
• Even older apps that don’t know about modern auth (Office 2010)

They’d hope everything fails back to basic auth but They're assuming it will stop working?

Finally, the effects of the change on Outlook behaviour are quite important. They’ve seen Outlook pop up asking for authentication and the user name had to be entered in a specific format to continue (AZUREAD\User@Principal.Name).

They need to make this change on a few tenants and they're worried about the larger ones that have many versions of Office deployed in multiple scenarios. The more information they can get the better.

 

Many thanks in advance. 

2 Replies

Enabling Modern auth does nothing with respect to other auth methods, so all clients will continue to work as before. The only difference being that any client capable of (and using) MA will show the new auth UI, or log in the user automatically, depending on the configuration of the tenant/apps.

 

The AzureAD\UPN format is used with devices joined to Azure AD, which by itself is a different scenario.

Solution
If device are domain joined with azure ad sync for the users setup the experience is seamless. If they are azure joined it gets more complicated and you will get the user prompt which is a pain point because you usually have to get it to error out to click the “sign in with another account” then use the same format to get it to take. For whatever reason just typing in the password with the existing login which is displayed correct doesn’t always work.
Related Conversations
Extentions Synchronization
Deleted in Discussions on
3 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
35 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies