Let me start with a little information about Modern auth on the Office 365 system. In order to use Modern authentication, it has to be allowed on the service side (Exchange, SharePoint, Skype for Business) as well as on the client side (Outlook, Skype client). In case of Modern authentication, the Office 365 tenant/service will need to be configured to accept a modern auth request as well.
If your Office 365 tenant was created after August 1, 2017, modern authentication is enabled by default on the tenant/service side. In case it was an old tenant, you can manually change it by using the following PowerShell cmdlets.
- Connect to Exchange Online PowerShell.
- Run the following command to enable modern authentication connections to Exchange Online by Outlook 2013 or later clients:
Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
- The cmdlet does not disable the ability of older Office clients (Office 2013, 2016, etc.) to use basic auth. If you would like to disable basic auth completely, please follow the linked article.
You can also update the setting by going to the M365 admin center (https://admin.microsoft.com) under Settings > Org Settings > Modern Authentication (alternatively, search for “Modern Authentication” in the portal Home page Search field).
Coming back to your scenario. In your case you are using EnableADAL = 0; this will disable the ability of the client to initiate an auth request using modern authentication, and this may result in problematic behavior. In order to enable modern authentication you will need to use EnableADAL = 1. If the EnableADAL key is set properly as per the table here, then it could be some other reason.
You have mentioned that you have no phone policy. Do you also have any kind of next-gen firewall on-site which can prevent web authentication? I would suggest checking that, as these firewalls are sometimes known to disrupt authentication prompts. First make sure that the registry key is set properly and Modern auth is enabled on both the client and the Microsoft 365 admin center as mentioned above. If after doing all of this it does not work, please reply back and we will help you further.
Should the information help you, please do accept this post as the answer. As you are trying to move from legacy to Modern authentication and are trying to make a case within your organization with your leadership, I would suggest you go through the recent updates regarding that, which will help you make a better decision and provide a technical explanation of what would change and how you can plan it.
https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-july-update/ba-p/1530163
https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-february-2021-update/ba-p/2111904
https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-september-2021-update/ba-p/2772210
Hope this is helpful. I have linked a lot of articles here which I would encourage you to check, and they should help you with a better understanding of modern authentication. If the provided info and changes do not help in fixing the issue, please reply back and we will be happy to continue this discussion further.
Thank you.
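A read-only check of both sides discussed in the answer above, added here as an example and not part of the original post: it reports the client's EnableADAL state and the tenant's OAuth2ClientProfileEnabled value. The function names are hypothetical, and the registry location (HKCU, Office\<version>\Common\Identity, with Office 2013 also needing Version = 1) is assumed from Microsoft's Office documentation, not taken from this page.

```powershell
# Added diagnostic example; it only reads settings and changes nothing.
# Assumption: EnableADAL lives under HKCU:\Software\Microsoft\Office\<ver>\Common\Identity
# for Office 2013 (15.0) and Office 2016 or later (16.0).

function Get-ModernAuthClientState {
    param([string[]]$OfficeVersions = @('15.0', '16.0'))

    foreach ($ver in $OfficeVersions) {
        # Skip Office versions that have no per-user settings on this machine.
        if (-not (Test-Path "HKCU:\Software\Microsoft\Office\$ver\Common")) { continue }

        $path    = "HKCU:\Software\Microsoft\Office\$ver\Common\Identity"
        $props   = if (Test-Path $path) { Get-ItemProperty -Path $path } else { $null }
        $adal    = if ($props) { $props.EnableADAL } else { $null }  # $null when the value is absent
        $version = if ($props) { $props.Version } else { $null }

        # Office 2013 uses modern auth only when EnableADAL = 1 and Version = 1.
        # Office 2016 and later use it unless EnableADAL is explicitly set to 0.
        $enabled = if ($ver -eq '15.0') {
            ($adal -eq 1) -and ($version -eq 1)
        } else {
            $adal -ne 0
        }

        [pscustomobject]@{
            OfficeVersion     = $ver
            EnableADAL        = $adal
            Version           = $version
            ModernAuthEnabled = $enabled
        }
    }
}

function Get-ModernAuthTenantState {
    # Needs an existing Exchange Online PowerShell session (the first step in the answer).
    if (-not (Get-Command Get-OrganizationConfig -ErrorAction SilentlyContinue)) {
        Write-Warning 'Not connected to Exchange Online PowerShell; tenant setting not checked.'
        return
    }
    Get-OrganizationConfig | Select-Object Name, OAuth2ClientProfileEnabled
}

Get-ModernAuthClientState | Format-Table -AutoSize
Get-ModernAuthTenantState
```

A client row showing ModernAuthEnabled as False, or a tenant value of False for OAuth2ClientProfileEnabled, points to the side that is still forcing basic authentication.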