question

NWAdmin-3334 avatar image
0 Votes"
NWAdmin-3334 asked NWAdmin-3334 answered

365 Modern Authentication

Hello,
I am going to be enabling modern authentication in office 365 and wanted to doublecheck the consequences. I am always cautious with changes that affect everyone at once.

We currently do not have modern authentication or security defaults enabled. We use the ios mail app, the outlook app for iPhone, and outlook 2016 & 2019 on windows computers. We dont' do much with powershell. We use one drive & azure backup, but no other azure services. I am mostly concerned about people getting to their email. We currently do not use MFA.

I want to enable MFA, but when I did, it broke the outlook sign in for those that had MFA. After research, I've concluded that is because we don't have modern authentication enabled.

My Plan is to:
a). enable modern authentication for the organization.
b). gradually start adding MFA on a per-user basis, starting with admins and high risk accounts, as fast as I can keep up.
c). eventually enabling security defaults.

I don't have any plan to enable conditional access at this point, as our plan doesn't support it.

My understanding is that everyone is going to be prompted to log back in after I enable modern authentication. This will be on their iPhones, iPads, and Windows Outlook apps. Once they log back in, they will be good to go for some period of time - although they may get prompted periodically (no more than once a week?)

Am I missing anything? specifically around turning on modern authentication, what other affect will it have, other than prompting users to log in again?

Thanks

office-exchange-online-itproazure-security-center
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

michev avatar image
0 Votes"
michev answered

There are no adverse effects here, after you enabled Modern auth older auth methods will continue to work until you specifically disable them (or toggle Security defaults on). Just educate your users on how to register their MFA info and warn them about the change, and you're good to go.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

KyleXu-MSFT avatar image
0 Votes"
KyleXu-MSFT answered KyleXu-MSFT commented

@NWAdmin-3334

Here are effect on end users: Azure AD Multi-Factor Authentication user states
76182-qa-kyle-15-57-33.png


If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

thanks.

The state I am going for is:
Modern Authentication is enabled, but multi-factor authentication is disabled.

This would just be until I can enable multi-factor on a per-user basis.

0 Votes 0 ·

If so, user still could use mailbox as before. They need to configure SMS verification until you enable MFA for them.

0 Votes 0 ·

@NWAdmin-3334
Any update about this thread now?

0 Votes 0 ·
NWAdmin-3334 avatar image
0 Votes"
NWAdmin-3334 answered

Thanks for the help on this. It was helpful to moving us forward.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.