Account/Authentication - Azure Active Directory - Ensure Modern Authentication for Exchange Online is Enabled
Summary
The option of modern authentication in Microsoft 365 enables authentication features like Multifactor Authentication (MFA) using smart cards, Certificate-based Authentication (CBA), and third-party SAML identity providers; when it is enabled in Exchange Online, Outlook 2016 and Outlook 2013 use basic authentication to log in to Microsoft 365 mailboxes.
When certain email clients like Outlook 2013 and Outlook 2016 are configured, the users have to authenticate with the help of enhanced authentication mechanisms, such as MFA. Other Outlook clients that are available in Microsoft 365 (like Outlook Mobile and Outlook for Mac 2016) generally use modern authentication to log in to Microsoft 365 mailboxes.
Reason
Authentication controls like MFAs can be circumvented if basic authentication is used by Exchange Online email clients such as Outlook 2016 and Outlook 2013. However, if modern authentication is enabled for Exchange Online, strong authentication mechanisms can be used while establishing sessions between email clients and Exchange Online.
What If?
Users older email clients, such as Outlook 2013 and Outlook 2016, will no longer be able to authenticate to Exchange using Basic Authentication, which will also necessitate migration to modern authentication practices.
How to?
To enable modern authentication, use the Exchange Online PowerShell Module:
- Run the Microsoft Exchange Online PowerShell Module.
- Connect to Exchange Online using Connect-ExchangeOnline.
- Run the following PowerShell command:
Set -OrganizationConfig -OAuth2ClientProfileEnabled $True
Monitor:
To verify modern authentication is enabled, use the Exchange Online PowerShell Module:
- Run the Microsoft Exchange Online PowerShell Module.
- Connect to Exchange Online using Connect-ExchangeOnline.
- Run the following PowerShell command:
Get -OrganizationConfig | Format -Table -Auto Name, OAuth*
4. Verify OAuth2ClientProfileEnabled is True.
Comments
Post a Comment