Modern Authentication to be enabled in the cloud for Exchange and Skype for Business

News

Example of ADFS sign-in window
Show Focused Inbox button
Enabled Focused Inbox in Outlook

At 9 AM on Friday January 19th, 2018, Modern Authentication will be enabled in the cloud for Exchange and Skype for Business. The impacts of this change are detailed below.

What is Modern Authentication?

In layman’s terms, Modern Authentication is a Microsoft solution that changes how authentication is verified when users sign in. Technically, Modern Authentication brings Active Directory Authentication Library (ADAL)-based sign-in to Office client apps across platforms.

If you want to know more about Modern Authentication, you can read about it on the Microsoft Office Support website.

How am I impacted?

Since the change is applied on the server side, no major impacts are expected for most users. There are a few minor impacts for a subset of users, which are explained in detail below.

Impacts for Office 2016 users

(Also applies to Office 2013 with reg key HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\EnableADAL=1)

  1. When a new profile is created: Users will be redirected to McGill ADFS sign-in page (see screenshot below). They will be prompted once for the profile setup and a second time to sign into the mailbox. After the initial mailbox setup, sign-in will be automatic.
  2. For existing profiles: Basic authentication will remain in effect and users should NOT receive the ADFS sign in page, with the following exceptions:
    1. User deletes their existing profile and recreates it.
    2. User deletes their credentials from the credential manager.
    3. Some other unforeseen configuration/setup on the client. (Microsoft has stated that users with existing profiles should not be prompted for ADFS sign in but they could not guarantee this behavior in all circumstances because of client behavior.)
  3. All other mail clients: Users will continue to use basic authentication and will not be impacted by the change.

Impacts for Office 365 ProPlus users

Focused Inbox is a new functionality in Outlook that helps to separate messages that are less important to users. It uses the same mechanism as the Clutter feature, but instead of moving less important messages in a different folder, it puts them in a tab within your regular inbox. You can read more about Focused Inbox in the McGill IT Knowledge Base.

  1. After Modern Authentication is enabled, users running Office 365 ProPlus from versions released April 2017 through Nov. 2017, will see a new Show Focused Inbox button on their Outlook 2016 View menu. This Focused Inbox will be disabled by default but users will now be able to enable it through the View tab. 
    NOTE: Once users enable the Focused Inbox, the Clutter feature will no longer be active – i.e. messages will no longer be moved to the Clutter folder. Focused Inbox replaces the Clutter functionality.
  2. Office 365 ProPlus versions release prior to April 2017 did not support Focused Inbox and will not be impacted.
  3. Versions from Dec. 2017 and onward already have the Show Focused Inbox button available.

Impacts for Skype for Business users (Office 365 ONLY (i.e. students))

Impacts of Modern Authentication only apply to Skype for Business users in Office 365 (i.e. all students). On-premises Skype for Business users (i.e. staff and faculty) are not affected by this change.

  1. When a new profile is created: Users will be directed to our ADFS sign in page. After the initial setup all future sign-ins will be automatic.
  2. For existing profiles: Basic authentication will remain in effect and users should not receive the ADFS sign in page, with the following exceptions:
    1. User deletes their existing profile and recreates it.
    2. User signs out and, before signing back in, he/she deletes their sign-in info.
    3. Some other unforeseen configuration/setup on the client. (Microsoft has stated that users with existing profiles should not be prompted for ADFS sign in but they could not guarantee this behavior in all circumstances because of client behavior)

If you have any questions about these changes, please contact the IT Service Desk.