Skype for Business 2015 CU2 - Can other authentication methods (e.g. Integrated Windows) coexist with ADAL? RRS feed

  • Question

  • According to this article (https://technet.microsoft.com/en-us/library/mt710548.aspx) support for ADAL was added to Skype for Business 2015 in CU2 and it describes how to set it up, both ADFS and SfB Server.

    I would like to know if enabling ADAL on the server side requires other forms of authentication like Kerberos or NTLM to be disabled. The article specifically states that Passive Auth needs to be disabled and that cannot coexist with ADAL, however there is no information about Kerberos or NTLM.

    In my particular scenario SfB desktop clients are using NTLM and we would like to keep it that way for now, but we would like enable ADAL anyway to start looking at it specifically for the SfB mobile client when Microsoft introduces support for ADAL on those clients.

    Any information that can be provided will be appreciated.

    Just an additional clarification the above inquiry is in reference to on premise environments only. 

    Thank you very much in advance.

    Saturday, April 9, 2016 9:06 PM

All replies

  • Hi 

    Yes , was searching through the technet that you have shared and it says SFB though support ADAL after March 2016 Update. Are you with Online SFB or Onpremise ?

    If you are with  on premise deployment , There is also another article  which says that its not yet supported for Onpremise and Hybrid Topology as its  on the road map.



    Sunday, April 10, 2016 6:56 AM
  • Hi Linus,

    I have seen the article you refer to and know Hybrid deployments are not supported yet, but will in the near future.

    My question is specific to On Premises deployments of SfB and the question still stands and has not been answered. I would like to know if enabling ADAL on the server side requires other forms of Authentication, particularly Windows Integrated Auth (Kerberos or NTLM) to be disabled.

    The article specifically states that if you use ADAL you need to disable Passive Auth, but it does not say anything about the rest of the Authentication options.



    Monday, April 11, 2016 2:45 PM
  • Hi Ernesto,

    So far there is not many article about this question, from this link you provided above, it seems that only passive authentication should be disabled but not other authentication. However it is better to contact Microsoft to confirm it.

    Best Regards

    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Eason Huang
    TechNet Community Support

    Wednesday, April 13, 2016 8:05 AM
  • Hello Eason,

    Thanks for the response. I know there is not much information out there, which is why I posted the question :). Which so far has not been answered, so I will leave it unanswered with the hopes that someone out there can provide the information I am asking for.



    Wednesday, April 13, 2016 7:38 PM
  • I just wanted to bring this up again as it has been a while to see if there is any new information. I have not been able to find anything on line yet, that can answer my above questions.

    Any information that can be shared will be appreciated.



    Monday, November 14, 2016 7:31 PM
  • Enabling Modern Auth doesn't require you to disable TLS-DSK, Kerberos, or NTLM.
    Wednesday, February 1, 2017 3:00 PM