This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(275.2, 22%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ENA%3C/text%3E%3C/svg%3E)
Hello,
I am going to be enabling modern authentication in office 365 and wanted to doublecheck the consequences. I am always cautious with changes that affect everyone at once.
We currently do not have modern authentication or security defaults enabled. We use the ios mail app, the outlook app for iPhone, and outlook 2016 & 2019 on windows computers. We dont' do much with powershell. We use one drive & azure backup, but no other azure services. I am mostly concerned about people getting to their email. We currently do not use MFA.
I want to enable MFA, but when I did, it broke the outlook sign in for those that had MFA. After research, I've concluded that is because we don't have modern authentication enabled.
My Plan is to:
a). enable modern authentication for the organization.
b). gradually start adding MFA on a per-user basis, starting with admins and high risk accounts, as fast as I can keep up.
c). eventually enabling security defaults.
I don't have any plan to enable conditional access at this point, as our plan doesn't support it.
My understanding is that everyone is going to be prompted to log back in after I enable modern authentication. This will be on their iPhones, iPads, and Windows Outlook apps. Once they log back in, they will be good to go for some period of time - although they may get prompted periodically (no more than once a week?)
Am I missing anything? specifically around turning on modern authentication, what other affect will it have, other than prompting users to log in again?
Thanks
There are no adverse effects here, after you enabled Modern auth older auth methods will continue to work until you specifically disable them (or toggle Security defaults on). Just educate your users on how to register their MFA info and warn them about the change, and you're good to go.
Here are effect on end users: Azure AD Multi-Factor Authentication user states
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
thanks.
The state I am going for is:
Modern Authentication is enabled, but multi-factor authentication is disabled.
This would just be until I can enable multi-factor on a per-user basis.
If so, user still could use mailbox as before. They need to configure SMS verification until you enable MFA for them.
@NW Admin
Any update about this thread now?
Thanks for the help on this. It was helpful to moving us forward.