It seems that by going the modern authentication route, you basically create a dependency on Office 365 (evoSTS) in your authentication flow, thus you are dependent on the MS cloud even if you are 99% on-premise. This worries me a bit because today, if our internet is down (cannot reach O365), internally everything continues to work (Outlook for on-premise users) and they can email back and forth internally. If we go this route, the server responsible for authentication and authorization is Microsoft's cloud (AAD's STS, called evoSTS). Is this true even if we are running ADFS 4.x on-prem? What happens if a client is on-premise but cannot reach the evoSTS? Will their Outlook work?

The Move-CsUser command, as of Skype for Business 2015 CU8 and all versions of Skype for Business 2019, now supports both Legacy Authentication as well as Modern Authentication based OAuth authentication methods. If this is true indeed, is it possible to gradually enable hybrid modern authentication on mailboxes instead of server-wide?

Using the Outlook app on iOS is not an option since it does not integrate with the native calendar etc. If a mobile client is using ActiveSync / the iOS Mail app, is it true we must re-create the profile? This is a PITA requirement since we have 500+ users connecting using the iOS Mail app.

I have an on-prem ADFS 4.0 server and AADConnect, and both Skype and Exchange on-prem are at the correct patch levels. For anyone that has gone down this path, I have a few questions for you. The goal is to leverage MFA (Duo) in a few places such as OWA, O365, etc. It is currently configured in hybrid mode with Exchange Online and we have mailboxes homed in both places. I want to enable modern authentication for our Exchange 2013 / Skype for Business on-premise environment.