Today, I am very happy to announce General Availability (GA) for Hybrid Modern Authentication (HMA) for Skype for Business and Exchange. This is a major milestone in our Modern Authentication journey.
This will enable customers to use Modern Auth enabled security features such as Multi Factor Authentication (MFA), Cert Based Authentication (CBA), AAD Conditional Access (CA) and Intune Mobile Application Management (MAM) for all their users, both those homed online as well as those homed onprem.
Here is a visual of the topology:
This design requires you to use Azure Active Directory as the authorization server for your onprem SfB and onprem Exchange deployments (note the blue arrow from SfB onprem and Exchange onprem to AUTH in the cloud).