cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Turning on Modern Authentication with mixed Outlook versions

NidalT
Brass Contributor

‎Dec 06 2017 09:56 AM - last edited on ‎Feb 01 2023 01:52 PM by

‎Dec 06 2017 09:56 AM - last edited on ‎Feb 01 2023 01:52 PM by

Turning on Modern Authentication with mixed Outlook versions

Hi,

 

We have not yet turned on Modern Authentication in our tenant.

 

Our scenario:

Hybrid environment with Exchange 2010 and Office 365 without ADFS.

We have approximately 1.5k users with an Enterprise E3 licenses and Office 365 ProPlus 2016

Another 1.5k users with Enterprise E1 license and Office 2010 (we still have a lot of licenses for Ofiice 2010, and E3 is quite expensive)

And another 2k users with Enterprise F1 (formerly K1) licenses.

Multi-Factor Authentication is enforced on all our users.

 

All Outlook and Skype for Business profiles have been set up with an App Password because of MFA.

 

If we enable Modern Authentication, what would happen with all those configured accounts?

Would they get another login prompt or would it just continue to work?

 

There is no way to enable it to a couple of users and see what would happen.

 

Also, what about the users who still have Office 2010? Would they be able to continue working with the App Passwords?

Or would we render them to be unable to login in Outlook anymore?

 

It's hard for us to know what the consequences are.

The last thing we want is to cause issues with users' Outlook and Skype for Business.

It took us a lot of effort to teach them about MFA and App Passwords.

3,490 Views
1 Like
5 Replies
Reply
5 Replies
Vasil Michev

‎Dec 06 2017 10:49 AM

‎Dec 06 2017 10:49 AM

Re: Turning on Modern Authentication with mixed Outlook versions

If you enable Modern auth server-side, old clients will still be able to connect via legacy auth, unless you specifically block it (whether you can actually block it is a different topic altogether). So in general, you should not see a change in behavior with them.

 

But any user with 2013/2013 *should* switch to using Modern auth. You can enable it client-side for few test/pilot users and make sure you don't run into any stopping issues with them. I would even advise you to clear the stored credentials in order to force the switch if it doesn't automatically happen. App passwords are an ugly hack and you should stop using them where possible.

2 Likes
Reply
NidalT

‎Dec 06 2017 02:16 PM

‎Dec 06 2017 02:16 PM

Re: Turning on Modern Authentication with mixed Outlook versions

An ideal scenario would be that we enable it for the whole organization and nothing would change for all accounts that are already configured.

 

We would then let most of it phase out:

-> New users would get Modern Auth

-> Existing users receiving new device would get Modern Auth

-> We would switch others in batches

 

This would allow us to do it at our own pace without causing a big bang by enabling it for the whole organization.
However, I couldn't find any official article that explained this in detail.

Nowhere is mentioned what would happen to existing clients and older Outlook versions.

 

And yes, we don't like app password either. Modern Auth would allow us to get rid of it.

0 Likes
Reply
S Aziz

‎Apr 08 2019 06:35 PM

‎Apr 08 2019 06:35 PM

Re: Turning on Modern Authentication with mixed Outlook versions

I have a similar situation although slightly different scenario.

We have Outlook 2016 clients in Exchange Online with Modern Auth OFF at the tenant level. If Modern Auth is enabled, what would the Outlook behavior be? Would Outlook clients switch silently or would there be auth prompts?
Thanks.
0 Likes
Reply
NidalT

‎Apr 16 2019 12:47 PM

‎Apr 16 2019 12:47 PM

Re: Turning on Modern Authentication with mixed Outlook versions

Well, I'm curious myself. So if you figure it out please share your experience :)
0 Likes
Reply
S Aziz

‎Apr 16 2019 01:14 PM

‎Apr 16 2019 01:14 PM

Re: Turning on Modern Authentication with mixed Outlook versions

@NidalT 

 

We turned on Modern Auth and did not experience any auth prompts.

 

Thanks.

1 Like
Reply