Questions about the impacts, implications if we enable Modern Authentication.

%3CLINGO-SUB%20id%3D%22lingo-sub-354754%22%20slang%3D%22en-US%22%3EQuestions%20about%20the%20impacts%2C%20implications%20if%20we%20enable%20Modern%20Authentication.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-354754%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Experts%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOne%20of%20our%20customer%20raised%20the%20below%20query%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20customer%20would%20like%20to%20update%20their%20tenant%20to%20enable%20modern%20authentication%20so%20that%20conditional%20access%20applies%20properly.%20They%E2%80%99ve%20searched%20various%20websites%20and%20have%20conflicting%20information%20on%20the%20side%20effects%20of%20running%20the%20command%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESet-OrganizationConfig%20-OAuth2ClientProfileEnabled%20%24true%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHowever%20the%20below%20link%20indicates%20that%20there%20may%20be%20some%20issues%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FIdentity-Authentication%2FRisks-when-enabling-ADAL-for-Exchange-Online-and-Skype%2Ftd-p%2F60756%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FIdentity-Authentication%2FRisks-when-enabling-ADAL-for-Exchange-Online-and-Skype%2Ftd-p%2F60756%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThey%E2%80%99d%20like%20to%20understand%20the%20repercussions%20of%20making%20this%20change%2C%20and%20can%20draft%20an%20appropriate%20change%20request%20for%20their%20customer.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20inputs%20would%20be%20of%20great%20help.%20Many%20thanks!!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-354754%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Eimplications%20if%20we%20enable%20Modern%20Authentication.%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EQuestions%20about%20the%20impacts%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-354808%22%20slang%3D%22en-US%22%3ERe%3A%20Questions%20about%20the%20impacts%2C%20implications%20if%20we%20enable%20Modern%20Authentication.%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-354808%22%20slang%3D%22en-US%22%3E%3CP%3EMain%20impacts%20are%20Password%20prompts%20(Users%20will%20be%20prompted%20for%20creds%20once%20tokens%20expire).%20And%20that's%20about%20it%20TBH.%20Unless%20they%20are%20running%20old%20legacy%20office%20clients%20etc.%20there%20may%20be%20some%20issues%20around%20that%2C%20but%20it's%20one%20of%20those%20things%20where%20you%20aren't%20forcing%20modern%20auth%2C%20you're%20just%20allowing%20it%2C%20so%20impact%20is%20minimal.%20%3CBR%20%2F%3E%3CBR%20%2F%3EIt%20was%20only%20an%20issue%20with%20my%20org%20cause%20people%20forget%20their%20passwords%20cause%20they%20rely%20on%20Windows%20Hello%20for%20Business%20PIN's.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20want%20to%20say%20there%20was%20also%20an%20issue%20with%20the%20passwords%20not%20taking%20but%20I%20don't%20think%20it%20was%20related%20to%20this.%20If%20so%2C%20we%20had%20to%20basically%20try%20logging%20in%2C%20password%20wouldn't%20take%2C%20and%20then%20click%20on%20try%20logging%20in%20with%20a%20different%20account%2C%20manually%20type%20in%20e-mail%20and%20password%20and%20it%20would%20then%20take.%20This%20from%20what%20I%20remember%20happened%20on%20users%20that%20had%20synced%20domain%20accounts%20that%20had%20Azure%20AD%20Joined%20computers.%20Anyone%20with%20domain%20joined%20machines%20was%20fine.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Contributor

Hi Experts,

 

One of our customer raised the below query:

 

The customer would like to update their tenant to enable modern authentication so that conditional access applies properly. They’ve searched various websites and have conflicting information on the side effects of running the command:

 

Set-OrganizationConfig -OAuth2ClientProfileEnabled $true

 

However the below link indicates that there may be some issues:

 

https://techcommunity.microsoft.com/t5/Identity-Authentication/Risks-when-enabling-ADAL-for-Exchange...

 

They’d like to understand the repercussions of making this change, and can draft an appropriate change request for their customer.

 

Any inputs would be of great help. Many thanks!!

1 Reply
Highlighted

Main impacts are Password prompts (Users will be prompted for creds once tokens expire). And that's about it TBH. Unless they are running old legacy office clients etc. there may be some issues around that, but it's one of those things where you aren't forcing modern auth, you're just allowing it, so impact is minimal.

It was only an issue with my org cause people forget their passwords cause they rely on Windows Hello for Business PIN's.

 

I want to say there was also an issue with the passwords not taking but I don't think it was related to this. If so, we had to basically try logging in, password wouldn't take, and then click on try logging in with a different account, manually type in e-mail and password and it would then take. This from what I remember happened on users that had synced domain accounts that had Azure AD Joined computers. Anyone with domain joined machines was fine.