Modern Auth On for EXO and S4B Online but Off for S4B Hybrid / EX Hybrid

%3CLINGO-SUB%20id%3D%22lingo-sub-282146%22%20slang%3D%22en-US%22%3EModern%20Auth%20On%20for%20EXO%20and%20S4B%20Online%20but%20Off%20for%20S4B%20Hybrid%20%2F%20EX%20Hybrid%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-282146%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3Ei%20want%20to%20understand%20the%20impact%20of%20enabling%20modern%20authentication%20for%20Exchange%20Online%20and%20Skype%20for%20Business%20Online%20in%20the%20following%20scenario%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESkype%20for%20Business%20On%20Premises%20Environment%20with%201%20S4B%202015%20Site%20(Main%20Site)%20and%201%20Lync%202013%20Site%3C%2FP%3E%3CP%3ESkype%20for%20Business%20Hybrid%20PSTN%20configured%20with%20Office365%3C%2FP%3E%3CP%3EExchange%26nbsp%3B%20On%20Premises%202013%20with%20existing%20Hybrid%20setup%20with%20Office%20365%3C%2FP%3E%3CP%3EPolycom%20Trio%20and%20VVX%20devices%3C%2FP%3E%3CP%3ENo%20MFA%20for%20users%3C%2FP%3E%3CP%3EModern%20Authentication%20only%20activated%20for%20Sharepoint%20Online%2C%20not%20for%20Exchange%20Online%20and%20Skype%20for%20Business%20Online%3C%2FP%3E%3CP%3EOffice%202016%20Click2Run%20for%20all%20Clients%3C%2FP%3E%3CP%3EADFS%203.0%20is%20in%20use%20with%20no%20special%20claims%3C%2FP%3E%3CP%3EIntune%20should%20be%20used%20for%20conditional%20access%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EUser%20combinations%3A%3C%2FP%3E%3CP%3ES4B%20User%20On%20Premises%20with%20mailbox%20in%20Exchange%20Online%3C%2FP%3E%3CP%3ES4B%20User%20On%20Premises%20with%20mailbox%20in%20Exchange%20On%20Premises%3C%2FP%3E%3CP%3ES4B%20User%20in%20Office%20365%20with%20mailbox%20in%20Exchange%20Online%3C%2FP%3E%3CP%3ES4B%20User%20in%20Office%20365%20with%20mailbox%20in%20Exchange%20On%20Premises%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWhat%20we%20want%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20only%20want%20to%20enable%20modern%20authentication%20for%20Exchange%20Online%20and%20Skype%20for%20Business%20Online.%20The%20documentation%20from%20Microsoft%20is%20somewhat%20confusing.%20Some%20articles%20state%20that%20we%20would%20have%20to%20enable%20modern%20authentication%20for%20the%20S4B%20on%20premises%20environment%20too.%20So%20basically%20the%20qiuestion%20is%20can%20we%20activate%20modern%20authentication%20for%20Exchange%20Online%20and%20Skype%20for%20Business%20Online%20and%20leave%20it%20off%20for%20the%20S4B%20Hybrid%20%2F%20Exchange%20Hybrid%20On%20Premises%20environment%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20attached%20a%20picture%20which%20undermines%20my%20assumption%20that%20it%20should%20be%20possible%20to%20turn%20Modern%20Authentication%20On%20for%20EXO%20and%20S4B%20Online%20and%20leave%20it%20off%20for%20the%20on%20premises%20components%20even%20if%20they%20are%20hybrid.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-282146%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EFederation%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESign-in%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-288509%22%20slang%3D%22en-US%22%3ERe%3A%20Modern%20Auth%20On%20for%20EXO%20and%20S4B%20Online%20but%20Off%20for%20S4B%20Hybrid%20%2F%20EX%20Hybrid%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-288509%22%20slang%3D%22en-US%22%3E%3CP%3EAnyone%20with%20an%20idea%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Hello,

 

i want to understand the impact of enabling modern authentication for Exchange Online and Skype for Business Online in the following scenario:

 

Skype for Business On Premises Environment with 1 S4B 2015 Site (Main Site) and 1 Lync 2013 Site

Skype for Business Hybrid PSTN configured with Office365

Exchange  On Premises 2013 with existing Hybrid setup with Office 365

Polycom Trio and VVX devices

No MFA for users

Modern Authentication only activated for Sharepoint Online, not for Exchange Online and Skype for Business Online

Office 2016 Click2Run for all Clients

ADFS 3.0 is in use with no special claims

Intune should be used for conditional access

 

User combinations:

S4B User On Premises with mailbox in Exchange Online

S4B User On Premises with mailbox in Exchange On Premises

S4B User in Office 365 with mailbox in Exchange Online

S4B User in Office 365 with mailbox in Exchange On Premises

 

What we want:

 

We only want to enable modern authentication for Exchange Online and Skype for Business Online. The documentation from Microsoft is somewhat confusing. Some articles state that we would have to enable modern authentication for the S4B on premises environment too. So basically the qiuestion is can we activate modern authentication for Exchange Online and Skype for Business Online and leave it off for the S4B Hybrid / Exchange Hybrid On Premises environment?

 

I have attached a picture which undermines my assumption that it should be possible to turn Modern Authentication On for EXO and S4B Online and leave it off for the on premises components even if they are hybrid.

1 Reply
Highlighted