Legacy > Modern Authentication

EidolonGG 6 Reputation points
2021-12-06T16:17:20.633+00:00

Hi there,

I hope all is well.

I have some questions regarding modern authentication over legacy authentication. Users at our business who work from home, or have external 365 access can work fine, with no problems.

However, when setting EnableADAL=0 in the registry to force modern authentication, the white box appears as if it will let you log in. But it remains a blank white box, and doesn't progress to the section where you enter your email and password. It seems to be only users who work on-site. We have a policy whereby they are not allowed phones on the shop floor, but it won't even progress to setting some security questions or an email address.

To get around this, we have to leave them as legacy auth.

This is problematic, as the managers would like to roll modern authentication out across the board, but they are reluctant to do so - if we push modern auth, what will happen to those stuck on legacy auth? Or is there currently a fix for this that doesn't involve jeopardizing security?


Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Shashi Shailaj 7,631 Reputation points Microsoft Employee Moderator
    2021-12-07T14:46:36.827+00:00

    @EidolonGG

    Let me start with a little information about Modern auth on the Office 365 system. In order to use Modern authentication, it has to be allowed on the service side (Exchange, SharePoint, Skype for Business) as well as on the client side (Outlook, Skype client). In case of Modern authentication, the Office 365 tenant/service will need to be configured to accept a modern auth request as well.

    If your Office 365 tenant was created after August 1 2017, modern authentication is enabled by default on the tenant/service side. In case it was an old tenant, you can manually change it by using the following PowerShell cmdlets.

    You can also update the org setting by going to the M365 admin center (https://admin.microsoft.com) under Settings > Org Settings > Modern Authentication (alternatively, search for “Modern Authentication” in the portal Home page Search field).

    Coming back to your scenario. In your case you are using EnableADAL = 0, and this will disable the ability of the client to initiate an auth request using modern authentication, and this may result in problematic behavior. In order to enable modern authentication you will need to use EnableADAL = 1. If the EnableADAL key is set properly as per the table here then it could be some other reason.

    You have mentioned that you have a no-phone policy. Do you also have any kind of next-gen firewall on-site which can prevent web authentication? I would suggest checking that; these firewalls are sometimes known to disrupt authentication prompts. First make sure that the registry key is set properly and Modern auth is enabled on both the client and the Microsoft 365 admin center as mentioned above. If after doing all of this it does not work, please reply back and we will help you further.

    Should the information help you, please do accept this post as the answer. As you are trying to move from legacy to Modern authentication and are trying to make a case within your organization with your leadership, I would suggest you go through the recent updates regarding that, which will help you make a better decision and provide a technical explanation of what would change and how you can plan it.

    https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-july-update/ba-p/1530163
    https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-february-2021-update/ba-p/2111904
    https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-september-2021-update/ba-p/2772210

    Hope this is helpful. I have linked a lot of articles here which I would encourage you to check, and they should help you with a better understanding of modern authentication. If the provided info and changes do not help in fixing the issue, please reply back and we will be happy to continue this discussion further.

    Thank you.
