Exchange Server

Enable Modern Authentication in Exchange Online


In this Ask the Admin, I’ll show you how to enable Modern Authentication in Exchange Online so that two-factor authentication (2FA) enabled users in Office 365 can access Exchange Online using Outlook 2013 or later.

If you’ve been following my article series on multi-factor authentication, you’ll know that Microsoft has been working hard to make deploying 2FA easier. The Microsoft Authenticator app allows mobile devices to be used like smartcards, acting as a second factor in the authentication process, and uses push notifications so that users don’t have to type codes to confirm that they’re in possession of the device.

Office 2013 and later desktop apps and Office mobile apps all support 2FA out-of-the-box, and this support is known as Modern Authentication (MA). SharePoint Online has support for MA enabled by default, but if you want to allow 2FA-enabled Office 365 users to connect to Exchange Online using Outlook 2013 or later, you’ll need to enable MA in Exchange Online first.

Sponsored Content

What is “Inside Microsoft Teams”?

“Inside Microsoft Teams” is a webcast series, now in Season 4 for IT pros hosted by Microsoft Product Manager, Stephen Rose. Stephen & his guests comprised of customers, partners, and real-world experts share best practices of planning, deploying, adopting, managing, and securing Teams. You can watch any episode at your convenience, find resources, blogs, reviews of accessories certified for Teams, bonus clips, and information regarding upcoming live broadcasts. Our next episode, “Polaris Inc., and Microsoft Teams- Reinventing how we work and play” will be airing on Oct. 28th from 10-11am PST.

For more information on 2FA in Office 365, see Enable Multifactor Authentication for Office 365 Users and What is Multifactor Authentication and How Does It Work? on the Petri IT Knowledgebase.

Enable MA in Exchange Online

Modern Authentication must be enabled in Exchange Online using PowerShell. And you’ll also need to log in to Exchange Online using an account that isn’t 2FA-enabled. To make a connection to Exchange Online, open a PowerShell prompt or the Integrated Scripting Environment (ISE), and run the following two lines of code:

$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $UserCredential -Authentication Basic -AllowRedirection

The Get-Credential cmdlet will prompt you to enter a username and password. Use an account that has administrative access to Exchange Online. The New-PSSession cmdlet is then used to define a session with Exchange Online.

Enable Modern Authentication in Exchange Online (Image Credit: Russell Smith)
Enable Modern Authentication in Exchange Online (Image Credit: Russell Smith)

Next use Import-PSSession to set up the session with Exchange Online.

Import-PSSession $Session

Now that we’ve successfully connected to Exchange Online, use the Set-OrganizationConfig cmdlet to enable MA:
Set-OrganizationConfig -OAuth2ClientProfileEnabled:$true

Enable Modern Authentication in Exchange Online (Image Credit: Russell Smith)
Enable Modern Authentication in Exchange Online (Image Credit: Russell Smith)

Now, check that MA has been enabled using the Get-OrganizationConfig cmdlet:

Get-OrganizationConfig | ft name, *OAuth*

You should see that OAuth2ClientProfileEnabled is set to True. Finally, tear down the session by running the Remove-PSSession cmdlet:
Remove-PSSession $Session

In this article, I showed you how to enable Modern Authentication in Exchange Online so that 2FA-enabled Office 365 can use Outlook 2013 or later.


Related Topics:


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

IT consultant, Contributing Editor @PetriFeed, and trainer @Pluralsight. All about Microsoft, Office 365, Azure, and Windows Server.
External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by: