Exchange 2016 Hybrid - Hybrid Modern Authentication only for external connection

Occasional Contributor

We want to use Outlook for iOS / Android with Hybrid Modern Auth to take advantage of CA and Intune.


After activation via
Set-OrganizationConfig -OAuth2ClientProfileEnabled $ true

Set-AuthServer -Identity EvoSTS * -IsDefaultAuthorizationEndpoint $ true

all internal Outlook 2016 clients also try to establish a connection via OAuth.


Since not all users are synchronized in the AAD, a connection is not possible for these users.


Does anyone have an idea how we can activate OAuth only for external connections or only for ActiveSync and the local clients still connect via Negotiate / NTLM?

1 Reply
Hello, I have the same issue, I try to mitigate it by using two "empty" exchange servers accessible from internet.
I think that disabling oauth on the other servers should solve the issue but I'm not sure. Did you find a solution?