Skype for Business Online: Enable your tenant for modern authentication
This article is currently a work in progress
Introduction
To learn more about modern authentication, visit: https://blogs.office.com/2015/03/23/office-2013-modern-authentication-public-preview-announced/
In order for Office clients to use modern authentication flows, the Office 365 tenant needs to be configured support modern authentication flows. You can find more details here - http://aka.ms/modernAuthClients.
Defaults
The Office 365 tenant/resource host (Exchange Online, SharePoint Online and Skype for Business Online) will need to be configured to accept a modern authentication connection. We recommend Exchange Online be enabled for modern authentication when enabling modern authentication for Skype for Business.
Here is the per service state of modern authentication by default for tenants created before August 1, 2017:
- Skype for Business Online - OFF by default.
- Exchange Online - OFF by default.
- SharePoint Online - ON by default.
Note: For Office 365 US Government Defense tenants, modern authentication is ON by default to enable the use of PIV and CAC cards.
Note: As of August 1, 2017, for all newly created Office 365 tenants, use of modern authentication is now ON by default for Exchange Online and Skype for Business Online.
Because Skype for Business clients connect to both Skype for Business Online and Exchange Online, tenant level modern authentication settings should match for Exchange Online and Skype for Business Online.
Steps to enable modern authentication for Skype for Business Online
This article explains how to enable your Skype for Business Online tenant to support modern authentication.
- Connect to Skype for Business Online using remote PowerShell: https://aka.ms/SkypePowerShell
- Run the following command:
Set-CsOAuthConfiguration -ClientAdalAuthOverride Allowed
- Verify that the change was successful by running the following:
Get-CsOAuthConfiguration
Frequently Asked Questions
How can Exchange Online be configured to use modern authentication?
Via Exchange Online remote PowerShell: How to enable your tenant for modern authentication
I enabled modern authentication in my tenant, but now I want to revert it. How do I do that?
Run the following command.
Set-CsOAuthConfiguration -ClientAdalAuthOverride NoOverride
How do I use modern authentication with the Skype for Business Online Windows PowerShell Module?
Ensure your tenant is modern authentication enabled and you have the latest Skype for Business Online Windows PowerShell Module. Version 7.0.1026.0 or later is required.
To use multi-factor authentication providing a PSCredential object to New-CsOnlineSession is no longer used, New-CsOnlineSession will now prompt for credentials without a PSCredential object.
Examples of how to use the new connector with a modern authentication enabled tenant:
New-CsOnlineSession user@domain.com |
will prompt for credentials for the specified user, using multi-factor authentication enabled for that user |
New-CsOnlineSession |
will prompt for admin UPN, then prompt for credentials for that user, using multi-factor authentication if enabled |
New-CsOnlineSession <PSCredential> |
Not valid if multi-factor authentication is enabled for the user. Included so that existing scripts for admins using username and password only will continue to work |