This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 11%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EF%3C/text%3E%3C/svg%3E)
We are developing a custom WebDAV-server, where the goal is for end-users to be able to store and edit Office-documents.
For authentication, we want to support Azure AD, and have solved this using MS-OFBA.
However, a recent update in Office has made the experience for end-users terrible, the user must first allow MS-OFBA in general, then explicitly allow each WebDAV-server to use MS-OFBA. This is not an acceptable solution for us.
I think the change is this: MC203673 Updated Feature: Restricting form-based authentication in Office apps, where it is stated:
"To help provide additional security coverage, we are changing how form-based authentication in Office applications is handled. Forms-based authentication is a legacy authentication method for Office resources that are not protected by Azure Active Directory (AAD) or Microsoft account (MSA)."
So my question is this: In our WebDAV-server, how can we implement an authentication mechanism that Office supports in our WebDAV-server, without using MS-OFBA? It is obviously possible, since SharePoint Online etc does it.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 51%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EED%3C/text%3E%3C/svg%3E)
Your issue is not related to SharePoint. I will remove tag “office-sharepoint-online”.
Thank you for your support and understanding.
Have a nice day!
@FredrikG
The same reason as SharePoint team, tag "office-itpro" focus on general issue of Office desktop client, I would remove it.
Thanks for your understanding.
SharePoint Online is fronted by Azure AD, hence no impact to Office. If you use Azure AD ([B2C])/Microsoft Accounts as your auth mechanism, you shouldn't run into this issue. If you do not use AAD/Microsoft Accounts, then you'll need to contend with the security impact.
Thanks for your reply, Trevor!
The thing is that I am not really sure how to do Azure AD auth such that Office apps accept it, without using MS-OFBA.
I have really searched for documentation on how to do this, but haven't found anything.
Do you happen to know any such documentation or sample code?
Thanks!
/Fredrik
You'll want to look into MSAL, which is the library that provides the AAD and MSA integration. Your WebDAV server would need to use this as an authentication mechanism, rather than anything home-grown, such as standard FBA.
https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-overview
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 72%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EME%3C/text%3E%3C/svg%3E)
Hi, I would like to know did you get the Azure AD auth work without MS-OFBA?
Thanks!
BR Toni