Jan 18 2017 10:29 AM - edited Jan 18 2017 08:25 PM
Problem: Skype for Business for iOS mobile client cannot sign into Skype for Business *Online* after enabling MFA.
ADAL was enabled 2 days ago (1/17/17) in the Office 365 tenant
Set-CsOAuthConfiguration -ClientAdalAuthOverride Allowed
( I also enabled ADAL for Exchange Online with this command:
Set-OrganizationConfig -OAuth2ClientProfileEnabled $true)
Reference 1: https://support.office.com/en-us/article/Enable-Exchange-Online-for-modern-authentication-58018196-f...
Reference 2: https://aka.ms/SkypeModernAuth
The work-around is to use MFA App Passwords, however, we shouldn't have to do that since the documentation states that the Skype for Business PC client is supposed to work because according to these two articles:
https://blogs.office.com/2015/11/19/updated-office-365-modern-authentication-public-preview/
And th KB 3126604
Jan 19 2017 04:38 AM
Jan 19 2017 08:51 AM
Yes, that is the same article that I quoted at the bottom of my question but I referred to it as KB 3126604 (but it links to the same place your URL points to).
According to that article, The iOS mobile client for Skype for Business should be compatible with MFA but instead it requires me to put in an App Password.
Jan 26 2017 12:04 AM - edited Jan 26 2017 12:08 AM
@Joe Stocker, I had the same problem as you after enabling MFA on my user and enabling Modern Authentication on SfB Online + Exchange Online (IOS app right now 6.11.1.310). I agree with you, according to the KB3126604 , it's quite clear that if you're a pure online Office 365 tenant, MFA should work on IOS and Android.
For me, the problem was that I had played around with the app settings. On the logon screen, check Advanced Options before signing in - I had a different old User Name entered there at the top.
Jan 26 2017 12:18 AM
Well that was a good hint. I didn't have anything special in Advanced Settings configured, but I just tried deleting the Skype for Business iOS app and redownloading it from the AppStore and what do know ... I wasn't able to login in either before (with MFA) and now suddenly I am!
Jan 28 2017 02:11 AM
Jan 28 2017 02:12 AM
Feb 15 2017 10:24 PM
Feb 15 2017 11:30 PM
Feb 15 2017 11:39 PM
You may need to generate an Application Password and use that for the Exchange prompt you get in Skype. (https://docs.microsoft.com/en-us/azure/multi-factor-authentication/end-user/multi-factor-authenticat...)
For me, it took 3 to 4 days after running this command before I stopped getting that Exchange prompt in Skype:
Set-CsOAuthConfiguration -ClientAdalAuthOverride Allowed
For more info see
https://aka.ms/SkypeModernAuth
In summary, It seems that after you enable MDAL in the Skype Powershell, that it does not take effect immediately.I have found a few forums that indicated that they also experienced several days of delay (reference: https://www.reddit.com/r/Office365/comments/4v5k39/adal_auth_with_azure_mfa_creating_a_new_outlook/)
Feb 15 2017 11:44 PM
Did you try deleting and re-installing the App again and try? As Ivan pointed out above, that was something he had to do even though is advanced user name field was empty.
Feb 15 2017 11:50 PM
The strange thing is, that I do NOT get another prompt to enter credentials for Exchange. Just a short info slider from the top stating that my exchange settings are not correct and that I have to change them. But with you mentioning that it might take a few days I will just be patient and sit out the weekend and try again! :)
Feb 16 2017 12:40 AM - edited Feb 16 2017 12:42 AM
the settings seems already be active, as I just had to use an Application Password to get into a powershell session with skype online to check the CsOAuthConfiguration (btw, isnt there a new command for that credential save in powershell to use MFA as well? MFA works with Connect-EXOPSSession for Exchange Online but not with Get-Credentials I just used for Skype it seems).
And to reiterate again, my problem doesnt seem to be MFA, but the inability of the Skype iOS App to understand where my Exchange mailbox is (its no longer on premise, it moved to Exchange Online, but all the DNS settings still point to on premise as best practise suggests).
and maybe I just make up a new thread, as the OPs subject is misleading to my problem I just realised. :)
Feb 24 2017 04:08 PM - edited Feb 24 2017 04:39 PM
That issue (EXO prompting for password) should go away with the latest IOS Preview client 6.13.0.102. Even after following the correct steps with respect to MFA, this was the only build that didn't require an actual app password to connect to EXO.
Feb 27 2017 05:56 AM
Feb 27 2017 06:56 AM
Yes - Preview I posted about is currently avaiable in TestFlight.
Apr 18 2017 07:20 AM
As a further update, build 6.14.0.224 (released April 17th) seems to have fully resolved all MFA issues experience to date.