Nov 26 2019
04:47 PM
- last edited on
Jan 14 2022
04:36 PM
by
TechCommunityAP
Nov 26 2019
04:47 PM
- last edited on
Jan 14 2022
04:36 PM
by
TechCommunityAP
Recently we implemented MFA and all the sudden i get loads of failed logins with Browser identified as Lync.exe with the failure "User did not pass the MFA challenge (non interactive)."
Clearly Lync is the old version of Skype for Business. If this is failing wouldn't the person be having issues with their Lync not working? I would have thought so but no one is complaining.
Nov 26 2019 10:01 PM
Nov 26 2019 10:55 PM
Nov 26 2019 10:57 PM
Dec 19 2019 06:57 PM
@Thijs Lecomte that kind of makes sense. Looking at the S4B in the task manager the running the process for S4B appears to be Lync.exe
However you say S4B supports modern auth but when i look at AzureAD logs it fails MFA as non interactive. The entry says "User did not pass the MFA challenge (non interactive)."
So based on this I would expect S4B to not work yet it does. Kind of contradictory.
Dec 19 2019 11:36 PM
Sep 15 2020 05:39 AM
Hi
We also have legacy auth in the AAD sign-ins for lync.exe for one of our client ad for almost all their users.
S4b is on-prem (not sure if in hybrid mode yet) + Mailboxes in Exchange Online (hybrid mode with a few service mailboxes on the on-prem Exchange server) + ADFS for authentication.
We want to enable MFA using Conditional access policies but we first need to get rid of these legacy authentications from lync.exe.
Anybody can confirm that going through the following procedure will enable Modern Auth for lync.exe without impacting the services?
https://docs.microsoft.com/en-us/microsoft-365/enterprise/configure-skype-for-business-for-hybrid-mo...
Anything else to consider?
Thank you for you help.
Sep 17 2020 12:37 AM
Sep 17 2020 11:35 AM