SOLVED

On-Prem sync to cloud native

%3CLINGO-SUB%20id%3D%22lingo-sub-753411%22%20slang%3D%22en-US%22%3EOn-Prem%20sync%20to%20cloud%20native%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-753411%22%20slang%3D%22en-US%22%3ESo%20we%E2%80%99ve%20started%20a%20process%20to%20move%20users%20from%20a%20hybrid%20model%20to%20fully%20cloud%20in%20readiness%20to%20retire%20the%20local%20environment.%3CBR%20%2F%3EJust%20in%20testing%20we%20can%20move%20a%20user%20to%20an%20unsynced%20OU%2C%20and%20then%20restore%20in%20cloud.%3CBR%20%2F%3ETo%20this%20point%20we%E2%80%99re%20all%20good.%3CBR%20%2F%3E%3CBR%20%2F%3EHere%E2%80%99s%20the%20weird%20bit.%20So%20regardless%20of%20the%20fact%20that%20the%20user%20is%20in%20cloud%20and%20can%20logon%2C%20MFA%20is%20working%20etc%2C%20Outlook%20(as%20an%20example)%20is%20prompting%20for%20the%20legacy%20domain%5Cusername%20verses%20authenticating%20with%20email%20address%20as%20you%E2%80%99d%20expect.%3CBR%20%2F%3E%3CBR%20%2F%3EWhat%20are%20we%20missing%3F%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-753411%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdmin%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EExchange%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EHybrid%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EIdentity%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOn-Premises%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-753425%22%20slang%3D%22en-US%22%3ERe%3A%20On-Prem%20sync%20to%20cloud%20native%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-753425%22%20slang%3D%22en-US%22%3EI%20can%20think%20of%202%20things.%20Modern%20Authentication%20became%20default%20from%20Outlook%202016%20so%20if%20you%20have%20Outlook%202013%20you%20might%20need%20to%20create%20a%20registry%20object%20to%20enable%20Modern%20Authentication.%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fenterprise%2Fmodern-auth-for-office-2013-and-2016%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Foffice365%2Fenterprise%2Fmodern-auth-for-office-2013-and-2016%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EAlso%2C%20can%20you%20double%20check%20in%20your%20tenant%20if%20it%20is%20enabled%3F%20Get-OrganizationConfig%20%7C%20Format-Table%20Name%2COAuth*%20-Auto%20(see%20here%20for%20more%20information%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2FExchange%2Fclients-and-mobile-in-exchange-online%2Fenable-or-disable-modern-authentication-in-exchange-online%3FredirectSourcePath%3D%25252farticle%25252f58018196-f918-49cd-8238-56f57f38d662%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2FExchange%2Fclients-and-mobile-in-exchange-online%2Fenable-or-disable-modern-authentication-in-exchange-online%3FredirectSourcePath%3D%25252farticle%25252f58018196-f918-49cd-8238-56f57f38d662%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3ELet%20us%20know%20if%20you%20managed%20to%20fix%20it%20%3A)%3C%2Fimg%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-753437%22%20slang%3D%22en-US%22%3ERe%3A%20On-Prem%20sync%20to%20cloud%20native%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-753437%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F124415%22%20target%3D%22_blank%22%3E%40Dennis%20Hogewoning%3C%2FA%3Eyou're%20a%20genius!%3C%2FP%3E%3CP%3EThat%20worked.%20Our%20new%20desktop%20builds%20are%20Windows%2010%20with%20current%20Office%20365%20apps%20so%20luckily%20no%20problems%20with%20legacy%20there.%3C%2FP%3E%3CP%3EAs%20you%20said%20modern%20auth%20was%20disabled%20and%20that%20was%20the%20cause.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%2C%20you%20saved%20me%20going%20mad!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMark%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-753439%22%20slang%3D%22en-US%22%3ERe%3A%20On-Prem%20sync%20to%20cloud%20native%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-753439%22%20slang%3D%22en-US%22%3EHappy%20I%20was%20able%20to%20help%2C%20have%20a%20nice%20weekend%20%3A)%3C%2Fimg%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-753718%22%20slang%3D%22en-US%22%3ERe%3A%20On-Prem%20sync%20to%20cloud%20native%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-753718%22%20slang%3D%22en-US%22%3EIf%20it%20ends%20up%20cropping%20up%20again%2C%20I%20would%20check%20auto%20discover%20and%20make%20sure%20you%20swung%20that%20to%20365%20as%20well.%3C%2FLINGO-BODY%3E
Highlighted
New Contributor
So we’ve started a process to move users from a hybrid model to fully cloud in readiness to retire the local environment.
Just in testing we can move a user to an unsynced OU, and then restore in cloud.
To this point we’re all good.

Here’s the weird bit. So regardless of the fact that the user is in cloud and can logon, MFA is working etc, Outlook (as an example) is prompting for the legacy domain\username verses authenticating with email address as you’d expect.

What are we missing?
4 Replies
Highlighted
Best Response confirmed by ebdenma (New Contributor)
Solution
I can think of 2 things. Modern Authentication became default from Outlook 2016 so if you have Outlook 2013 you might need to create a registry object to enable Modern Authentication. https://docs.microsoft.com/en-us/office365/enterprise/modern-auth-for-office-2013-and-2016

Also, can you double check in your tenant if it is enabled? Get-OrganizationConfig | Format-Table Name,OAuth* -Auto (see here for more information https://docs.microsoft.com/en-us/Exchange/clients-and-mobile-in-exchange-online/enable-or-disable-mo...

Let us know if you managed to fix it :)

@Dennis Hogewoningyou're a genius!

That worked. Our new desktop builds are Windows 10 with current Office 365 apps so luckily no problems with legacy there.

As you said modern auth was disabled and that was the cause.

 

Thanks, you saved me going mad!

 

Mark

Highlighted
Happy I was able to help, have a nice weekend :)
Highlighted
If it ends up cropping up again, I would check auto discover and make sure you swung that to 365 as well.