Shawn Harry | Steps to enable modern authentication for Skype for Business Online
574
single,single-post,postid-574,single-format-standard,ajax_fade,page_not_loaded,,qode_grid_1300,qode_popup_menu_push_text_top,qode-content-sidebar-responsive,qode-theme-ver-10.0,wpb-js-composer js-comp-ver-4.12.1,vc_responsive

Steps to enable modern authentication for Skype for Business Online

This article is applicaple to Office 365 only. EG Skype for Business Online with no hybrid or premise connectivity. The following technet wiki was used to understand the configuration: https://social.technet.microsoft.com/wiki/contents/articles/34339.skype-for-business-online-enable-your-tenant-for-modern-authentication.aspx

Per service state of modern authentication by default for Office 365:

•    Skype for Business Online – OFF by default.

•    Exchange Online – OFF by default.

•    SharePoint Online – ON by default.

Note: Because Skype for Business clients connect to both Skype for Business Online and Exchange Online, tenant level modern authentication settings should match for Exchange Online and Skype for Business Online.

 

Office 365 Service Status Detail
SharePoint Online Enabled on all tenants No additional back-end activation needed.
Modern Auth flows are automatically enabled through the use of compatible clients.
Exchange Online Disabled by default Admin must enable the tenant for Modern Authentication
Suitable to production
deployments.
Skype for Business Disabled by default Follow steps below
Yammer Enabled on all tenants No additional back-end activation needed.
Modern Auth flows are automatically enabled through the use of compatible clients.

Skype for Business Online: Modern Authentication TENANT Enablement

The Office 365 tenant/resource host (Exchange Online, SharePoint Online and Skype for Business Online) will need to be configured to accept a modern authentication connection. The table below summarizes Modern Authentication enablement status, for each workload:

  • Connect to Skype for Business Online using remote PowerShell: https://aka.ms/SkypePowerShell
  • Run the following command:
    • Set-CsOAuthConfiguration -ClientAdalAuthOverride Allowed
  • Verify that the change was successful by running the following:
    • Get-CsOAuthConfiguration

 

Exchange Online: Modern Authentication TENANT Enablement

  1. Connect to Exchange Online using remote PowerShell: https://technet.microsoft.com/library/jj984289(v=exchg.160).aspx
  2. Check the current status of your tenant
  •  Get-OrganizationConfig | fl OAuth2ClientProfileEnabled
  1. Run the following command:
  • Set-OrganizationConfig -OAuth2ClientProfileEnabled:$true
  • Verify that the change was successful by running the following:
    • Get-OrganizationConfig | fl OAuth2ClientProfileEnabled

 

MFA demo on an iPad using the latest Skype for Business build for iOS. Screenshots of the sign in process with 2FA/MFA enabled.

061917_0956_Stepstoenab2

061917_0956_Stepstoenab3

061917_0956_Stepstoenab4

061917_0956_Stepstoenab5

The Authenticator App for Android was used to approve MFA request  https://play.google.com/store/apps/details?id=com.azure.authenticator&hl=en_GB

061917_0956_Stepstoenab6

061917_0956_Stepstoenab7

061917_0956_Stepstoenab8