Enable or disable modern authentication in Exchange Online

Modern authentication in Exchange Online enables authentication features like multi-factor authentication (MFA) using smart cards, certificate-based authentication (CBA), and third-party SAML identity providers. Modern authentication is based on the Active Directory Authentication Library (ADAL) and OAuth 2.0.

When you enable modern authentication in Exchange Online, Outlook 2013 or later clients use modern authentication to log in to Exchange Online mailboxes. For more information, see How modern authentication works for Office client apps.

When you disable modern authentication in Exchange Online, Outlook 2013 or later uses basic authentication to log in to Exchange Online mailboxes. They don't use modern authentication.

Notes

  • Modern authentication is enabled by default in Exchange Online, Skype for Business Online and SharePoint Online.

  • Other Outlook clients that are available in Office 365 (for example, Outlook Mobile and Outlook for Mac 2016) always use modern authentication to log in to Office 365 mailboxes.

  • You should synchronize the state of modern authentication in Exchange Online with Skype for Business Online to prevent multiple log in prompts in Skype for Business clients. For instructions, see Skype for Business Online: Enable your tenant for modern authentication.

Enable or disable modern authentication in Exchange Online

  1. Connect to Exchange Online PowerShell.

  2. Do one of these steps:

    • Run this command to enable modern authentication in Exchange Online:

      Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
      
    • Run this command to disable modern authentication in Exchange Online:

      Set-OrganizationConfig -OAuth2ClientProfileEnabled $false
      
  3. To verify that the change was successful, run this command:

    Get-OrganizationConfig | Format-Table -Auto Name,OAuth*
    

See also

Using Office 365 modern authentication with Office clients