Home
Microsoft

Hybrid Modern Auth for SfB and Exchange goes GA!

Today, I am very happy to announce General Availability (GA) for Hybrid Modern Authentication (HMA) for Skype for Business and Exchange.  This is a major milestone in our Modern Authentication journey.

This will enable customers to use Modern Auth enabled security features such as Multi Factor Authentication (MFA), Cert Based Authentication (CBA),  AAD Conditional Access (CA) and Intune Mobile Application Management (MAM) for all their users, both those homed online as well as those homed onprem.

 

Here is a visual of the topology:

 HMA - EX and SfB onprem.png

 

 

This design requires you to use Azure Active Directory as the authorization server for your onprem SfB and onprem Exchange deployments (note the blue arrow from SfB onprem and Exchange onprem to AUTH in the cloud).

 

The prerequisites and instructions to enable HMA can be found here: https://aka.ms/ModernAuthOverview

 

Updated list of SfB MA Supported Topologies is here: Skype for Business topologies supported with Modern Authentication

 

Also, two of my colleagues have published their own excellent blogs on this topic.

Announcing Hybrid Modern Authentication for Exchange On-Premises

Hybrid Modern Authentication for Skype for Business

 

                   

 

4 Comments
Contributor

If I running hybrid exchange mode, do I need to enable both exchange on-prem and exchange online or just enable online MFA to support exchange online user is enough?

Microsoft

Hi John, 

To support MFA for exchange online users, just turning on MA in Exchange online is enough.  However, it means users may get multiple prompts when logging in.  We recommend you turn on MA on both Exchange onprem and Exchange online for the best user experience.

New Contributor

Is MFA supported when using EXO with SfBO and SfB On-Prem Hybrid? I do not see it specifically referenced, but I assume with would be the same as the above mentioned diagram just without the EXCH portion.

Microsoft

Dewalt,

Yes, MA and O365 MFA is supported when using EXO with SfBO and SfB On-Prem Hybrid.  This is just a subset of the above diagram.  Your assumption is correct.