TODO: Enable Modern Authentication

Modern Authentiction

Microsoft is in the process of deprecating basic authentication to its cloud services. While their announcements feel far away, I feel this is the best time to act, if you were one of the earlier adopters of Office 365 and Azure Active Directory.

 

What Microsoft is saying

Microsoft is communicating clearly on the upcoming changes in regards to Basic Authentication:

Note:
These announcements do not affect SMTP AUTH and Microsoft continues to support Basic Authentication for it in Exchange Online.

      

… But, these changes feel far away.

The timelines above stem from the support lifecycles, service level agreements Microsoft offers and the corporate responsibility guidelines that Microsoft follows.

Politically, I’ve used this trick a couple of times at customers to reduce resistance to less popular changes, just to get a ‘go’. “We’ll cross that bridge when we get there”-people are onboarded more easily that way, is my experience.

  

Yes, but please act now

However, these changes do not mean that as an organization you can just lean back. Several situations might create some urgency. If you are a large enterprise that runs Office 2010 Professional Plus throughout your organization, then upgrading to a more recent version of Office  should be high on your priority list.

Wouldn’t it be sad if you had to touch people’s Outlook profiles twice within the next six months? Because, that’s the direction I think a lot of early adopters of Office 365 are heading.

My tip for today is to check your tenant’s Modern Authentication settings, before migrating from Office 2010 Professional Plus, or Office 2013 Professional Plus installations without the specific registry settings.

There’s two good reasons for it:

For tenants created before August 1, 2017, modern authentication is turned off, by default.

Now, many of the Microsoft pages I link to above, feature PowerShell scripts to change that behavior, but it’s actually an option box in the Microsoft 365 admin portal, these days.

The second reason has a bit more background, and I recommend reading up. Alex Weinert, Director of Identity Security at Microsoft, regularly shares and confirms many alarming facts on Basic Authentication and Modern Authentication:

It is time to get on this band wagon.

    

How to enable Modern Authentication

Perform these actions in a web browser:

  1. Navigate to https://admin.microsoft.com/.
  2. Sign on with an account in your tenant that has the Global administrator role assigned to it.
    Perform multi-factor authentication when prompted. Elevate through Azure AD Privileged Identity Management (PIM) if you need to.
  3. In the left navigation bar, click Settings.
    The Settings menu unfolds beneath it.
  4. Click Settings in the Settings menu.
  5. In the main pane, click Modern Authentication.
  6. In the Modern Authentication blade that appears check the Enable Modern authentication option.
  7. Click Save changes at the bottom of the blade.
  8. Close the Modern Authentication blade by clicking on the X in the top right corner of the blade.
  9. Sign out by clicking the icon for your account in the top right corner of the Microsoft 365 admin center and clicking the Sign out link.

  

Why now?

I recommend organizations to enable the Modern Authentication features in their tenants before onboarding people to versions of Outlook that support Modern Authentication. This way, when a person gets the new version of Outlook, modern authentication is enabled and used, by default.

If modern authentication is not available at this time, the Outlook profile for the person needs to be reset around October 13th, 2020, to switch to modern authentication…

That would be a shame, if you ask me.

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.