Enable Modern Authentication in Exchange Online
In this Ask the Admin, I’ll show you how to enable Modern Authentication in Exchange Online so that two-factor authentication (2FA) enabled users in Office 365 can access Exchange Online using Outlook 2013 or later.
If you’ve been following my article series on multi-factor authentication, you’ll know that Microsoft has been working hard to make deploying 2FA easier. The Microsoft Authenticator app allows mobile devices to be used like smartcards, acting as a second factor in the authentication process, and uses push notifications so that users don’t have to type codes to confirm that they’re in possession of the device.
Office 2013 and later desktop apps and Office mobile apps all support 2FA out-of-the-box, and this support is known as Modern Authentication (MA). SharePoint Online has support for MA enabled by default, but if you want to allow 2FA-enabled Office 365 users to connect to Exchange Online using Outlook 2013 or later, you’ll need to enable MA in Exchange Online first.
For more information on 2FA in Office 365, see Enable Multifactor Authentication for Office 365 Users and What is Multifactor Authentication and How Does It Work? on the Petri IT Knowledgebase.
Enable MA in Exchange Online
Modern Authentication must be enabled in Exchange Online using PowerShell. And you’ll also need to log in to Exchange Online using an account that isn’t 2FA-enabled. To make a connection to Exchange Online, open a PowerShell prompt or the Integrated Scripting Environment (ISE), and run the following two lines of code:
$UserCredential = Get-Credential $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
The Get-Credential cmdlet will prompt you to enter a username and password. Use an account that has administrative access to Exchange Online. The New-PSSession cmdlet is then used to define a session with Exchange Online.
Next use Import-PSSession to set up the session with Exchange Online.
Now that we’ve successfully connected to Exchange Online, use the Set-OrganizationConfig cmdlet to enable MA:
Now, check that MA has been enabled using the Get-OrganizationConfig cmdlet:
Get-OrganizationConfig | ft name, *OAuth*
You should see that OAuth2ClientProfileEnabled is set to True. Finally, tear down the session by running the Remove-PSSession cmdlet:
In this article, I showed you how to enable Modern Authentication in Exchange Online so that 2FA-enabled Office 365 can use Outlook 2013 or later.
More in Exchange Server
Microsoft Warns About New Zero-Day Vulnerabilities in Exchange Server
Sep 30, 2022 | Rabia Noureen
Microsoft Exchange Servers Hit By Stealthy IIS Backdoors
Jul 27, 2022 | Rabia Noureen
Kaspersky Discloses New 'SessionManager' Backdoor Targetting Microsoft Exchange Servers
Jul 1, 2022 | Rabia Noureen
M365 Changelog: (Updated) Safe Links Global Settings Migrated to Custom Policies
Jun 28, 2022 | Petri Staff
Microsoft Postpones the Release of Next Version of Exchange Server Until 2025
Jun 3, 2022 | Rabia Noureen
Most popular on petri