Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Enable Modern Authentication in Exchange Online

In this Ask the Admin, I’ll show you how to enable Modern Authentication in Exchange Online so that two-factor authentication (2FA) enabled users in Office 365 can access Exchange Online using Outlook 2013 or later.

If you’ve been following my article series on multi-factor authentication, you’ll know that Microsoft has been working hard to make deploying 2FA easier. The Microsoft Authenticator app allows mobile devices to be used like smartcards, acting as a second factor in the authentication process, and uses push notifications so that users don’t have to type codes to confirm that they’re in possession of the device.

Office 2013 and later desktop apps and Office mobile apps all support 2FA out-of-the-box, and this support is known as Modern Authentication (MA). SharePoint Online has support for MA enabled by default, but if you want to allow 2FA-enabled Office 365 users to connect to Exchange Online using Outlook 2013 or later, you’ll need to enable MA in Exchange Online first.

For more information on 2FA in Office 365, see Enable Multifactor Authentication for Office 365 Users and What is Multifactor Authentication and How Does It Work? on the Petri IT Knowledgebase.

Enable MA in Exchange Online

Modern Authentication must be enabled in Exchange Online using PowerShell. And you’ll also need to log in to Exchange Online using an account that isn’t 2FA-enabled. To make a connection to Exchange Online, open a PowerShell prompt or the Integrated Scripting Environment (ISE), and run the following two lines of code:

$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

The Get-Credential cmdlet will prompt you to enter a username and password. Use an account that has administrative access to Exchange Online. The New-PSSession cmdlet is then used to define a session with Exchange Online.

Enable Modern Authentication in Exchange Online (Image Credit: Russell Smith)

Next use Import-PSSession to set up the session with Exchange Online.

Import-PSSession $Session

Now that we’ve successfully connected to Exchange Online, use the Set-OrganizationConfig cmdlet to enable MA:

Set-OrganizationConfig -OAuth2ClientProfileEnabled:$true

Now, check that MA has been enabled using the Get-OrganizationConfig cmdlet:

Get-OrganizationConfig | ft name, *OAuth*

You should see that OAuth2ClientProfileEnabled is set to True. Finally, tear down the session by running the Remove-PSSession cmdlet:

Remove-PSSession $Session

In this article, I showed you how to enable Modern Authentication in Exchange Online so that 2FA-enabled Office 365 can use Outlook 2013 or later.