I don't know if I have Modern Auth set up correctly and I'm trying to figure things out.
I have followed all the instructions: I enabled ADAL in the registry for 2013 users, and for 2016 users I did the same even though I didn't have to. I also enabled it via PowerShell for Exchange and for Skype for Business. We do NOT have an ADFS server and we are NOT in hybrid mode.
What happens in our environment is a few things:
- The first time someone logs in with any application (Skype for Business or Outlook), they get the white dialog box asking them for their password.
- After this, the other application, whether **** or Outlook, logs in without a problem (normally).
- I say normally because sometimes they are prompted for both applications.
- When someone changes their network password, Outlook and **** stop working and they get the white dialog box again. Sometimes they get it multiple times, to the point that I have to go into the Credential Manager, wipe out all credentials and have them try again.
- At random times, sometimes a week apart, the white dialog box will come up asking for credentials. In this case it's not based on password changes.
This is what my understanding was when I investigated Modern Authentication:
- It is token-based, so you are prompted once and it doesn't prompt again for at least 90 days. (This sometimes is the case and it certainly seems to work between apps, but I still get prompted in less than 90 days too.)
- If your password changes before 90 days is up, you are NOT prompted again, it just keeps working with the token.
I am not seeing that #2 is happening and, as I said above, it seems I get prompted less than 90 days too.
I was then looking at passing credentials automatically like you can do with SharePoint, etc., by putting sites into the Intranet zone and setting it to pass current credentials. I did that for *.microsoftonline.com, *.sharepoint.com, *.outlook.com, and *.lync.com based on a forum post I read, and that seems to have done nothing to help.
More research showed that many people are using ADFS 3.0 with Modern Auth to do SSO. But an Exchange expert at a Microsoft conference told me that ADFS was unnecessary or not recommended because Modern Auth does that for you, sort of.
What I want is for people to stop being prompted all the time! Some say they're getting the dialog 3-4 times a day.
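
A read-only check of the settings the post describes (the ADAL registry values for Office 2013 and 2016, plus the Exchange Online and Skype for Business Online tenant switches), as an added example that is not part of the original post. The function name `Get-OfficeAdalState` is hypothetical, and the tenant cmdlets are only queried if an Exchange Online or Skype for Business Online PowerShell session is already loaded.

```powershell
# Added example: read-only report of Modern Authentication (ADAL) settings.
# Get-OfficeAdalState is a hypothetical helper name, not a Microsoft cmdlet.
function Get-OfficeAdalState {
    # 15.0 = Office 2013 (ADAL is opt-in), 16.0 = Office 2016 (ADAL is on by default)
    foreach ($ver in '15.0', '16.0') {
        $path = "HKCU:\Software\Microsoft\Office\$ver\Common\Identity"
        $id   = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue

        # Missing key or missing value both read as $null
        $enableAdal = if ($id) { $id.EnableADAL } else { $null }
        $version    = if ($id) { $id.Version }    else { $null }

        if ($ver -eq '15.0') {
            # Office 2013 needs both EnableADAL=1 and Version=1
            $state = if ($enableAdal -eq 1 -and $version -eq 1) { 'Enabled' } else { 'Disabled (legacy auth)' }
        } else {
            # Office 2016 uses ADAL unless EnableADAL is explicitly set to 0
            $state = if ($enableAdal -eq 0) { 'Disabled by registry' } else { 'Enabled' }
        }

        [pscustomobject]@{
            Scope   = "Office $ver client (current user)"
            Setting = 'EnableADAL / Version'
            Value   = "$enableAdal / $version"
            State   = $state
        }
    }

    # Tenant-side switches: queried only when the cmdlets exist in this session.
    if (Get-Command Get-OrganizationConfig -ErrorAction SilentlyContinue) {
        $oauth = (Get-OrganizationConfig).OAuth2ClientProfileEnabled
        $state = if ($oauth) { 'Enabled' } else { 'Disabled' }
        [pscustomobject]@{ Scope = 'Exchange Online tenant'
            Setting = 'OAuth2ClientProfileEnabled'; Value = "$oauth"; State = $state }
    }
    if (Get-Command Get-CsOAuthConfiguration -ErrorAction SilentlyContinue) {
        $override = (Get-CsOAuthConfiguration).ClientAdalAuthOverride
        $state = if ("$override" -eq 'Allowed') { 'Enabled' } else { 'Disabled' }
        [pscustomobject]@{ Scope = 'Skype for Business Online tenant'
            Setting = 'ClientAdalAuthOverride'; Value = "$override"; State = $state }
    }
}

Get-OfficeAdalState | Format-Table -AutoSize
```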