Enable Modern Authentication in Exchange Online
In this Ask the Admin, I’ll show you how to enable Modern Authentication in Exchange Online so that two-factor authentication (2FA) enabled users in Office 365 can access Exchange Online using Outlook 2013 or later.
If you’ve been following my article series on multi-factor authentication, you’ll know that Microsoft has been working hard to make deploying 2FA easier. The Microsoft Authenticator app allows mobile devices to be used like smartcards, acting as a second factor in the authentication process, and uses push notifications so that users don’t have to type codes to confirm that they’re in possession of the device.
Office 2013 and later desktop apps and Office mobile apps all support 2FA out-of-the-box, and this support is known as Modern Authentication (MA). SharePoint Online has support for MA enabled by default, but if you want to allow 2FA-enabled Office 365 users to connect to Exchange Online using Outlook 2013 or later, you’ll need to enable MA in Exchange Online first.
For more information on 2FA in Office 365, see Enable Multifactor Authentication for Office 365 Users and What is Multifactor Authentication and How Does It Work? on the Petri IT Knowledgebase.
Enable MA in Exchange Online
Modern Authentication must be enabled in Exchange Online using PowerShell, and you’ll need to log in to Exchange Online using an account that isn’t 2FA-enabled. To make a connection to Exchange Online, open a PowerShell prompt or the Integrated Scripting Environment (ISE), and run the following two lines of code:
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
The Get-Credential cmdlet will prompt you to enter a username and password. Use an account that has administrative access to Exchange Online. The New-PSSession cmdlet is then used to define a session with Exchange Online.
Next, use Import-PSSession to set up the session with Exchange Online.
Now that we’ve successfully connected to Exchange Online, use the Set-OrganizationConfig cmdlet to enable MA:
Now, check that MA has been enabled using the Get-OrganizationConfig cmdlet:
Get-OrganizationConfig | ft name, *OAuth*
You should see that OAuth2ClientProfileEnabled is set to True. Finally, tear down the session by running the Remove-PSSession cmdlet:
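The steps above, combined into one script as an added example (not code from the original article). It uses the article's connection method and cmdlets; the $before variable and the try/finally wrapper are assumptions made for this example so that the session is always removed and the script fails loudly if the setting did not change.

```powershell
# Added example: the article's steps as one script.
# $before and the try/finally structure are assumptions of this example.
$ErrorActionPreference = 'Stop'

# Prompt for an Exchange Online admin account that is not 2FA-enabled
# (the session below is opened with Basic authentication).
$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange `
    -ConnectionUri https://outlook.office365.com/powershell-liveid/ `
    -Credential $UserCredential -Authentication Basic -AllowRedirection

try {
    # Load the Exchange Online cmdlets from the remote session.
    Import-PSSession $Session -DisableNameChecking | Out-Null

    # Record the current state so the change is visible in the output.
    $before = (Get-OrganizationConfig).OAuth2ClientProfileEnabled
    Write-Host "OAuth2ClientProfileEnabled before: $before"

    if (-not $before) {
        # Enable Modern Authentication for the organization.
        Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
    }

    # Verify: the article's check, plus a hard failure if the value is not True.
    Get-OrganizationConfig | Format-Table Name, *OAuth* -AutoSize
    if (-not (Get-OrganizationConfig).OAuth2ClientProfileEnabled) {
        throw 'OAuth2ClientProfileEnabled is still False.'
    }
}
finally {
    # Always tear down the session, even if a step above failed.
    Remove-PSSession $Session
}
```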
In this article, I showed you how to enable Modern Authentication in Exchange Online so that 2FA-enabled Office 365 users can use Outlook 2013 or later.