This documentation applies to Office 2013 and Pro Plus Windows clients running modern authentication - these clients use ADAL based authentication instead of the Microsoft Online Sign-in Assistant.



Here we outline the possible issues that customers may face when implementing Office 2013 modern authentication. Office 2013 modern authentication is currently in public preview and is supported for production use with the exception of the below features. If these features are required, then the customer can easily revert back to using the Microsoft Online Sign-In Assistant by rolling back the registry settings set based on instructions here : http:\\aka.ms\AuthAdminHowTo.



Issue  Description Workaround

RESOLVED :

Azure RMS users cannot view/create IRM-protected content while using a modern authentication enabled client.

  •  If your organization uses an on-premises AD RMS server, you will not be affected by this.
  • If your organization exclusively uses Azure Rights Management (cloud based) to enforce content rights (such as IRM-protected email or documents), you will be unable to view or create new content using modern authentication enabled Office 2013 clients.

  • More details here: http://social.technet.microsoft.com/wiki/contents/articles/30219.known-issues-with-modern-authentication-and-irm-in-office-2013.aspx





 RESOLVED : Upgrade to June 2015 update of Office 2013, or higher.


 Lync client is not MFA enabled Lync Online tenants do not yet support modern authentication enablement for production use. Since modern authentication is a prerequisite for MFA, Lync online clients will not yet be able to support MFA.   Lync Online client will continue to use and work with the Microsoft Online Sign-in Assistant



 RESOLVED :

External Sharing in SharePoint Online

 Users enabled for ADAL based authentication will not be able to access secured content hosted in another tenant’s SharePoint Online sites using the “External Sharing” feature.  RESOLVED
 Client access filtering policies in Active Directory Federation Services might need changes.  If you use Client Access Filtering policies in AD FS then please refer to this article to learn more : http://social.technet.microsoft.com/wiki/contents/articles/30253.office-2013-and-office-365-proplus-modern-authentication-and-client-access-filtering-policies-things-to-know-before-onboarding.aspx  See linked article.




Related articles: