At this moment modern authentication must be enabled by enrolling into this Microsoft Connect program; The end-user must use Skype for Business Online. Configure Skype for Business Online for the Presence service For example, you may have powerful Site Collection Administrator access to SharePoint Online, but if you switch to another online workload, like Skype for Business Online, you may have the privileges to troubleshoot user issues, not change the configuration of the server or servers. About modern authentication and HMA you will find in my following post all necessary information. The steps can be boiled down to the following: Tell AAD about onprem webservice urls. Let’s look at this in more detail. ADAL works with OAuth 2.0 to enable more authentication and authorization scenarios, like Multi-factor Authentication (MFA), and more forms of SAML Auth. Now the client has an on-premise Active Directory which is synced with AAD Connect to Office 365. The only issue we have encountered so far is that with MFA enabled Skype 4 Business does not connect to Office 365 and fails to authenticate. enable modern authentication skype for business on premise For example, the Skype for Business 2015 client (the one that ships with Office 2013, and without modern authentication enabled) cannot interpret the Conditional Access policy and as such will bypass the controls. This post is split into two parts, in part 1 we configure HMA for Exchange and in part 2 for Skype for Business. This article applies to both Microsoft 365 Enterprise and Office 365 Enterprise. Step 5: Verify that the change was successful by running the following: The expected result: ClientAdalAuthOverride : Allowed Get-CsOAuthConfiguration Add EWS permissions: API permissions > Add a permission > on Microsoft APIs scroll down to Exchange > Delegated permission > on EWS check EWS.AccessAsUser. AAD will auto-generate an ID. This post is split into two parts, in part 1 we configure HMA for Exchange and in part 2 for Skype for Business. Service app ID and app Key. We have enabled our Office 365 tenant for Azure authentication and are using modern authentication in outlook to access the service without app passwords. Skype for Business Using MFA Not Accepting App Password This is why, though modern authentication is about client and server communication, the steps taken during configuring MA result in evoSTS (a Security Token Service used by Azure AD) being set as Auth Server for Skype for Business and Exchange server on-premises. First we check the status on our on-premises Skype for Business Server by running the following PowerShell command: Get-CSOAuthConfiguration. For example, you may have powerful Site Collection Administrator access to SharePoint Online, but if you switch to another online workload, like Skype for Business Online, you may have the privileges to troubleshoot user issues, not change the configuration of the server or servers. Skype for Business Autodiscover