Modern Auth

VickVega 96 Reputation points
2021-08-09T13:00:57.147+00:00

Hello,
The existing on-prem environment cannot support Modern Auth due to Exchange 2010 SP3 + latest CU and Lync 2013. The users' mailboxes are in Exchange Online. Federation against the on-prem environment is in place. Within Azure AD Connect: no SSO, no password sync, no Exchange Hybrid. On the Exchange side, though, HCW is in place. Currently, web-based applications such as the Azure portal, Teams, etc. are protected by Conditional Access invoking MFA. The desire is to protect fat Office clients with MFA as well. This is the current state.
If Modern Auth is enabled on the tenant only, what are the implications for the users?
We are aware it is not an ideal state. What are the minimal steps that need to be taken to adjust the environment so that users can authenticate with Office fat clients and get MFA?

I want to make sure I interpret the following statement correctly:
https://learn.microsoft.com/en-us/microsoft-365/enterprise/hybrid-modern-auth-overview?view=o365-worldwide
"The availability of modern authentication is determined by the combination of the client, protocol, and configuration. If modern authentication is not supported by the client, protocol, and/or configuration, then the client will continue to leverage legacy authentication."

Does this mean that if I enable Modern Auth in the cloud, users with Office 2016+ (or 2013 with reg key) will be able to use MFA with fat clients?

Thank you.

Exchange | Hybrid management

1 answer

  1. KyleXu-MSFT 26,396 Reputation points
    2021-08-10T03:03:03.57+00:00

    @VickVega

    "If Modern Auth is enabled on the tenant only, what are the implications for the users?"

    Here is detailed information about it: "What changes when I use modern authentication?" As you said, Exchange 2010 SP3 and Lync 2013 exist in the local AD, so you cannot deploy hybrid modern authentication for them.

    Since the mailboxes have been migrated to Exchange Online, you don't need to consider hybrid modern authentication. Why not uninstall local AD and use Exchange Online modern authentication directly: "Enable or disable modern authentication for Outlook in Exchange Online"




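The "client, protocol, and configuration" statement quoted in the question can be checked on both sides with the sketch below. It is an added example, not part of the original thread and not Microsoft's own script. It assumes the ExchangeOnlineManagement module is installed and that the account can read the organization configuration; the function name `Test-OfficeModernAuth` is hypothetical, and the `EnableADAL` and `Version` registry values are the ones Microsoft documents for Office clients, not values given on this page.

```powershell
# Added example: report whether tenant and client are both set for modern auth.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

# Tenant side: modern authentication for Outlook in Exchange Online.
$tenantEnabled = [bool](Get-OrganizationConfig).OAuth2ClientProfileEnabled

# To turn it on (a tenant-wide change, run deliberately):
# Set-OrganizationConfig -OAuth2ClientProfileEnabled $true

function Test-OfficeModernAuth {
    # Hypothetical helper: evaluates the current user's Office identity settings.
    param(
        [Parameter(Mandatory)] [ValidateSet('15.0', '16.0')] [string]$OfficeVersion,
        [Parameter(Mandatory)] [bool]$TenantEnabled
    )
    $path = "HKCU:\SOFTWARE\Microsoft\Office\$OfficeVersion\Common\Identity"
    $id = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue

    if ($OfficeVersion -eq '15.0') {
        # Office 2013: modern auth is off unless both values are set to 1.
        $clientEnabled = ($null -ne $id) -and ($id.EnableADAL -eq 1) -and ($id.Version -eq 1)
    } else {
        # Office 2016 and later: on by default, off only if EnableADAL is 0.
        $clientEnabled = ($null -eq $id) -or ($id.EnableADAL -ne 0)
    }

    [pscustomobject]@{
        OfficeVersion     = $OfficeVersion
        TenantModernAuth  = $TenantEnabled
        ClientModernAuth  = $clientEnabled
        # If either side is off, the client falls back to legacy authentication.
        ExpectedAuth      = if ($TenantEnabled -and $clientEnabled) { 'Modern' } else { 'Legacy' }
    }
}

# Run on a workstation for each installed Office version.
'15.0', '16.0' | ForEach-Object {
    Test-OfficeModernAuth -OfficeVersion $_ -TenantEnabled $tenantEnabled
} | Format-Table -AutoSize
```

A result of `Legacy` for a client means its sign-ins will not be prompted for MFA by the Conditional Access setup described in the question.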