none
Hybrid Modern Authentication for On-Premise 2013

    Question

  • Hello Everyone,

    Question: If Hybrid Modern Authentication is enabled for Exchange On-Prem. Also, Mailbox is residing in On-prem and Outlook client is 2013. If I disable ADAL registry keys in outlook client, will it go through "legacy" authentication instead of OAuth? Would the authentication be from Azure AD or OnPrem AD using AD FS?

    I want to enable Modern Auth for Exchange On-prem but do not want to have on-prem mailboxes(outlook2013) authenticate through ModernAuth/ADAL. Just Legacy authentication. WIll it work?

    Can you please also validate the attached <g class="gr_ gr_166 gr-alert gr_gramm gr_inline_cards gr_disable_anim_appear Punctuation multiReplace" data-gr-id="166" id="166">Diagram.</g>

    Regards,

    Gautam



    GautamVerma

    Thursday, July 5, 2018 8:59 AM

All replies

  • If you want to use legacy auth, then why are enabling Modern Auth? 

    The Modern auth setting is org-wide so no, you can't use legacy


    Thursday, July 5, 2018 6:02 PM
    Moderator
  • It more like a client requirement wherein some users will be in O365 and some in On-prem and since skype if enabled for modern auth, it needs to access EWS from modern auth as well for on-prem mailboxes.

    GautamVerma

    Friday, July 6, 2018 5:45 AM
  • Hi GautamVerma,

     

    From the following article, we can find that it must use clients that support ADAL in order for them to use the MA enabled features. ADAL works with OAuth to verify claims and to exchange tokens (rather than passwords), to grant a user access to a resource. I think disable ADAL may affect the authentication:

     

    Hybrid Modern Authentication overview and prerequisites for using it with on-premises Skype for Business and Exchange servers

    https://support.office.com/en-us/article/hybrid-modern-authentication-overview-and-prerequisites-for-using-it-with-on-premises-skype-for-business-and-exchange-servers-ef753b32-7251-4c9e-b442-1a5aec14e58d

    Regards,

    Gavin Gao


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Friday, July 6, 2018 10:01 AM
  • Thank you <g class="gr_ gr_20 gr-alert gr_gramm gr_inline_cards gr_run_anim Punctuation replaceWithoutSep" data-gr-id="20" id="20">Gavin</g> for the information.

    I got to know that disabling ADAL will take it through legacy authentication:

    REGISTRY KEY

    TYPE

    VALUE

    HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\EnableADAL

    REG_DWORD

    0

    So I guess that would <g class="gr_ gr_100 gr-alert gr_gramm gr_inline_cards gr_run_anim Grammar multiReplace" data-gr-id="100" id="100">be </g><g class="gr_ gr_101 gr-alert gr_gramm gr_inline_cards gr_run_anim Punctuation only-del replaceWithoutSep" data-gr-id="101" id="101"><g class="gr_ gr_100 gr-alert gr_gramm gr_inline_cards gr_disable_anim_appear Grammar multiReplace" data-gr-id="100" id="100">suffice</g>,</g> since I would need exchange on-prem users to be authenticated through Legacy Auth. and have Skype for Business use Modern Auth and accessing EWS traffic.

    Let me know if I am wrong somewhere.

    Thanks in advance.


    GautamVerma

    Monday, July 9, 2018 6:56 AM
  • Hi GautamVerma,

     

    The following article also provide us the option to disable modern authentication on a device, so I think it allow us to disable it with the registry:

     

    Enable Modern Authentication for Office 2013 on Windows devices

    https://support.office.com/en-us/article/enable-modern-authentication-for-office-2013-on-windows-devices-7dc1c01a-090f-4971-9677-f1b192d6c910

    Regards,

    Gavin Gao


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Monday, July 9, 2018 9:43 AM