Now we need to determine which applications will send the correct authentication. OK, now your tenant will accept Modern Authentication requests. Set-OrganizationConfig -OAuth2ClientProfileEnabled:$true This will present a lot of info but the part we are interested in is illustrated below:Īs you can see, OAuth2ClientProfileEnabled is set to False. This means Modern Authentication is disabled for Exchange Online. Skype for Business Modern Authentication has just come out of public preview.įirst of all connect your PowerShell to Exchange Online in your Office 365 tenant, then run the following command: Get-OrganizationConfig
The solution is enabling Modern Authentication which is disabled by default for Exchange Online but enabled by default for SharePoint Online. Now, not everybody likes using app passwords since they are hard to manage and will place an extra workload on your Helpdesk. Each user gets an App Password to use for any applications that do not support Modern Authentication or any applications that are not enabled for Modern Authentication. If you use Azure MFA as your multi-factor solution, Microsoft provide a workaround for the password loop problem. The issue is caused by a requirement for ‘Modern Authentication’ to be enforced. I recently had a major issue where a client was seeing constant password prompts when multi-factor authentication (MFA) was enabled for access to Office 365 with his Outlook 2016 client.