In our recent post we talked about enabling Azure MFA with Conditional Access – the right way to do it https://red7solutions.co.uk/lets-do-azure-mfa/
But you may notice that users have issues logging into SfB clients – the web-client will work OK, but on the desktop client they are continually prompted for credentials. You need to enable Modern Authentication
Modern authentication brings Active Directory Authentication Library (ADAL)-based sign in to your Office 365 applications, and without this enabled, end users will have to use “App Passwords”, which is a true nightmare for any user and IT dept. We generally recommend to not allow users to create App passwords anyway.
Enable modern authentication for Skype for Business Online
Step 1: Download and Install Skype for Business Online, Windows PowerShell Module:
https://www.microsoft.com/en-us/download/details.aspx?id=39366
Step 2: Connect to Skype for Business using PowerShell
1 2 3 |
Import-Module SkypeOnlineConnector $sfboSession = New-CsOnlineSession -UserName <admin account> Import-PSSession $sfboSession |
Step 3: Verify the current settings
You should see : ClientAdalAuthOverride : Disallowed
1 |
Get-CsOAuthConfiguration |
Step 4: Enable modern authentication for Skype for Business Online
1 |
Set-CsOAuthConfiguration -ClientAdalAuthOverride Allowed |
Step 5: Verify that the change was successful by running Step 3 again.
This time you should see ClientAdalAuthOverride : Allowed
Important Note – you should enable Modern Authentication before you enable MFA as the above configuration changes can take a little while to take effect and cause service disruption if you enable MFA first.