Phase out Legacy Authentication - Enable Modern Authentication
Blog series
This is part two of the six-part series on “Phase out Legacy Authentication”.
- Preface
- Enable Modern Authentication
- Create prerequisites
- Gain insights
- The first 90%
- The next 9%
- Endgame
Enable Modern Authentication
This step may seem strange, but in old tenants (created before 01.08.2017) Modern Authentication for Exchange Online and Skype for Business Online is not necessarily enabled.
Exchange Online
For Exchange Online, the Exchange Online PowerShell V2 module must be installed to enable Modern Authentication.
|
Check current configuration
|
If the value for OAuth2ClientProfileEnabled is not True
, Modern Auth still needs to be enabled.
Enable modern auth
|
Skype for Business Online
Microsoft has removed the Get-CsOAuthConfiguration
cmdlet from the Microsoft Teams module. The latest version containing the cmdlet is 4.5.0.
Sadly it is not enough to just use the old version of the module. It will result in the following error message:
Get-CsOAuthConfiguration: This cmdlet is no longer supported, please consult public documentation
Since Skype for Business Online was retired on 31 July 2021 this should not be a problem.
Thanks to @renedelamotte for bringing this to my attention.
In the latest version of the Microsoft Teams PowerShell module, the configuration of Skype for Business Online is also possible. The separate installation of the Skype for Business Online Connector is therefore no longer necessary.
|
Check current configuration
|
If the value for ClientAdalAuthOverride is not Allowed
, Modern Auth must be enabled.
Enable modern auth
|
Next step
Now that clients can actually use Modern Authentication, it is important to set the stage to disable Legacy Authentication.