none
Modern Authentication with cloud only identity

    Question

  • Hello,

    I am using cloud only identity, with a local domain that is not connected to Azure.  I have currently Outlook users where the login is simply cached in windows (saved when setting up Outlook).  From what it seems, I need to have modern authentication enabled to be able to control access from Outlook, using conditional access policies.  

    Question is, if I enable modern authentication in Exchange Online, will current Outlook 2013, 2016, and Office365 Outlook be impacted, where they are prompted again for login, or is there NO impact at all?

    Thanks

    Robert


    Robert

    Tuesday, May 15, 2018 10:56 PM

All replies

  • If you don't have directory synchronization with Azure AD Connect then I would presume that you have completely separate identities on-premises and in the cloud so it would have no impact at all.

    If you want shared identity, then you have to set it up that way.  If you already have independent cloud identities, combining them with on-premises for single sign-on and/or federated identity can be tricky.


    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Tuesday, May 15, 2018 11:22 PM
    Moderator
  • Yes I have totally separate identities.  As I understand for conditional access policies in Azure AD, it seems I need modern authentication enabled to be able to control access to Outlook desktop apps.  Currently when I enable a policy to block Outlook from connecting to Exchange Online it has no effect, only web has an effect when specified to block.

    Are you saying enabling modern authentication will have no impact on conditional polices or no impact on end users that have their cloud identity login credentials cached/saved in windows/outlook? or are you saying both?

    thx

    Robert


    Robert


    Wednesday, May 16, 2018 2:39 PM
  • That is what I said.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Wednesday, May 16, 2018 8:28 PM
    Moderator
  • Hi Robert,

    Any further concern about your question?
    If the above suggestion helps, please be free to mark it as answer. Thanks for your cooperation.

    Best Regards,
    Allen Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Wednesday, May 23, 2018 2:55 PM
    Moderator
  • Still a little uncertain if the change will impact users, such as prompting for password again, either from outlook or phone, but according to Ed, it will have "No impact" so I assume that is what it means, no impact.  I therefore should have no further concerns once tested :).

    I plan to test this over a weekend at some point.  


    Robert

    Wednesday, May 23, 2018 3:18 PM
  • Enabling the modern authentication went smooth.  I have 2 out of 100 that were prompted for password, possibly coincidental.

    Thx


    Robert

    Tuesday, June 12, 2018 2:30 PM
  • Please feel free to mark responses as the answer and/or vote them helpful as appropriate.

    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
    Celebrating 20 years of providing Exchange peer support!

    Wednesday, June 13, 2018 6:13 PM
    Moderator