Apr 07 2017 12:23 PM
I'm considering enabling ADAL/Oauth for our Office 365 tenant to begin working with MFA, and am using the information in this wiki:
It seems relatively trivial to enable this, but I have some reservations about making the change. Does anyone know of risks involved, or any differences that users who don't have MFA enabled might see? Will the current sign in workflow still look the same for everyone? We use the web applications, Office 2016, and iOS and Android applications for access.
Thanks!
Nov 09 2018 05:42 PM
Daniel,
Sorry, I did not specifically address your comment:
Modern Authentication should be enabled by default so unless you've disabled it via policy, it should be fine.
For whatever reason, Modern Authentication was disabled in our tenant. I do not know why. This is the reason I posted this question and why I am concerned.
This is a tenant wide change and it seems the behavior of all the clients will change.
I opened a case with Microsoft Support, and they told me that MFA App Passwords will no longer function after I enable Modern Authentication on the tenant. They said that all the users will be immediately prompted to re-enter then passwords and then use their OTP to authentication.
So I am very concerned about this and I do not think that I can enable Modern Authentication now.
Thanks again for your help.
Nov 10 2018 12:48 PM
Nov 10 2018 02:06 PM
Brian,
Thanks for confirming. I really wish that Microsoft did a better job of communicating this significant piece of information about MFA App Passwords not working with Modern Authentication. I still have not found any Microsoft article or document that explains this. All articles that I read tell you to use App Passwords with non-browser based clients like Outlook and ActiveSync clients. If we had checked for this in advance, we would not be in this mess.
I do not think that I can turn Modern Authentication on at this point and disrupt all of our users. If App Passwords would continue to work after enabling Modern Authentication, we could gradually transition our users.
Nov 11 2018 09:10 AM
Nov 11 2018 02:52 PM
Brian,
Thanks for the help and advice.
Again, I wish that the Microsoft articles were clear on this issue. If I knew this six months ago, we would not be in this current bad situation.
Nov 23 2018 01:00 PM
Nov 23 2018 01:03 PM
Nov 23 2018 02:33 PM
Nov 24 2018 03:20 AM
Nov 24 2018 03:22 AM
Apr 03 2019 12:22 PM - edited Apr 03 2019 12:27 PM
Jun 18 2019 03:42 AM
@Brian Reid But it still hasn't - and there isn't communication on whether it is 'done' or will 'be done'.
Jun 18 2019 05:40 AM
Jun 18 2019 05:41 AM