Skype for Business & MFA – What You Need To Do First

In our recent post we talked about enabling Azure MFA with Conditional Access – the right way to do it https://red7solutions.co.uk/lets-do-azure-mfa/

But you may notice that users have issues logging into SfB clients – the web-client will work OK, but on the desktop client they are continually prompted for credentials. You need to enable Modern Authentication

Modern authentication brings Active Directory Authentication Library (ADAL)-based sign in to your Office 365 applications, and without this enabled, end users will have to use “App Passwords”, which is a true nightmare for any user and IT dept. We generally recommend to not allow users to create App passwords anyway.

Enable modern authentication for Skype for Business Online

Step 1: Download and Install Skype for Business Online, Windows PowerShell Module:
https://www.microsoft.com/en-us/download/details.aspx?id=39366

Step 2: Connect to Skype for Business using PowerShell

Step 3: Verify the current settings
You should see : ClientAdalAuthOverride : Disallowed

Step 4: Enable modern authentication for Skype for Business Online

Step 5: Verify that the change was successful by running Step 3 again.

This time you should see ClientAdalAuthOverride : Allowed

Important Note – you should enable Modern Authentication before you enable MFA as the above configuration changes can take a little while to take effect and cause service disruption if you enable MFA first.

Leave a Reply

Your email address will not be published. Required fields are marked *