Removing or disabling Hybrid Modern Authentication from Skype for Business and Exchange
If you've enabled Hybrid Modern Authentication (HMA) only to find it's unsuitable for your current environment, you can disable HMA. This article explains how.
Who is this article for?
If you've enabled Modern Authentication in Skype for Business Online or On-premises, and/or Exchange Online or On-premises and found you need to disable HMA, these steps are for you.
See the 'Skype for Business topologies supported with Modern Authentication' article if you're in Skype for Business Online or On-premises, have a mixed-topology HMA, and need to look at supported topologies before you begin.
How to disable Hybrid Modern Authentication (Exchange)
- Exchange On-premises: Open the Exchange Management Shell and run the following commands:
Set-OrganizationConfig -OAuth2ClientProfileEnabled $false Set-AuthServer -Identity evoSTS -IsDefaultAuthorizationEndpoint $false
- Exchange Online: Connect to Exchange Online with Remote PowerShell. Run the following command to turn your OAuth2ClientProfileEnabled flag to 'false':
How to disable Hybrid Modern Authentication (Skype for Business)
- Skype for Business On-premises: Run the following commands in Skype for Business Management Shell:
Set-CsOAuthConfiguration -ClientAuthorizationOAuthServerIdentity ""
- Skype for Business Online: Connect to Skype for Business Online with Remote PowerShell. Run the following command to disable Modern Authentication:
Set-CsOAuthConfiguration -ClientAdalAuthOverride Disallowed
We'd love to hear your thoughts. Choose the type you'd like to provide:
Our feedback system is built on GitHub Issues. Read more on our blog.