How to achieve Hybrid Authentication using Microsoft Graph API

Disha Hegde 1 Reputation point

I have an app which supports Basic Authentication using Exchange Web Services and also supports Modern Authentication for Exchange Online using Microsoft Graph APIs.

Now I have a requirement to support Hybrid Authentication in the same application.

So, Is Hybrid authentication supported via Microsoft Graph? And will the access token and rest endpoints flow be same for Hybrid and Modern auth using Microsoft Graph?

If yes, How will I get the Rest end points which needs to be accessed to get access token and other user data like events in Hybrid authentication?

Also, I went through the following documentation and found that Rest API support is deprecated

In this case, how do I achieve hybrid authentication in the same application?

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
9,106 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Glen Scales 4,421 Reputation points

    If you have OnPrem mailboxes in a hybrid Exchange Org then you need to use EWS to access those OnPrem mailboxes as you have already found the Graph support the Outlook Rest endpoints have also been depreciated

    Hybrid Modern Authentication will work in EWS as long as it's been configured

    In EWS to use Hybrid Modern Authentication you just request a Token from Azure with the audience of your OnPrem EWS endpoint, if your using the client credentials flow in the Graph you can also use that in EWS using a scope like or if its a delegate flow You do need to make sure the permission are added and consented to in you application registration like

    If you just want to check if hybrid Modern Authentication is enable on the local EWS endpoint you can do a blank bearer request on the EWS endpoint eg

            public void CheckForHybridModernAuthenticationv2(string ewsUrl)  
                using (HttpClient client = new HttpClient())  
                    client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", "");  
                    var authTestResult = client.GetAsync(ewsUrl).GetAwaiter().GetResult();  
                    foreach (var wwwAuthHeader in authTestResult.Headers.WwwAuthenticate)  

    What you should get back in the wwwAuthHeader is something like


    both the authorization_uri and trusted issuer is telling you that its ready to go with Hybrid Modern Auth

    0 comments No comments