
Get-MsolServicePrincipal -AppPrincipalId 00000002-0000-0ff1-ce00-000000000000 | select -ExpandProperty ServicePrincipalNames

For your Exchange-related URLs, type the following command:

Now we need to connect to Azure AD using the Connect-MsolService command as follows.

Get-AutodiscoverVirtualDirectory | FL server,*url*

Ensure the URLs clients may connect to are listed as HTTPS service principal names in AAD.

Get-OABVirtualDirectory | FL server,*url*

Get-ClientAccessServer | fl Name, AutodiscoverServiceInternalUri
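One way to automate the check that every client-facing URL is listed as an HTTPS SPN, as an added example that is not part of the original post or of Microsoft's documentation: the hypothetical function Get-MissingHmaSpn takes the URLs reported by the virtual-directory cmdlets and the SPN list returned by Get-MsolServicePrincipal, and returns the hosts that are not registered yet. The contoso.example host names are constructed sample data, and the https://host/ SPN form is an assumption.

```powershell
# Added example: find Exchange URLs whose host is not yet an HTTPS SPN in Azure AD.
# Get-MissingHmaSpn is a hypothetical helper; it does not call Exchange or Azure AD itself.
function Get-MissingHmaSpn {
    param(
        # URL values copied from the Get-*VirtualDirectory / Get-ClientAccessServer output
        [Parameter(Mandatory)] [AllowEmptyString()] [string[]] $ServiceUrl,
        # Output of: Get-MsolServicePrincipal ... | select -ExpandProperty ServicePrincipalNames
        [Parameter(Mandatory)] [string[]] $RegisteredSpn
    )

    # Host names are case-insensitive, so compare that way and ignore the trailing slash.
    $known = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    foreach ($spn in $RegisteredSpn) { [void]$known.Add($spn.TrimEnd('/')) }

    $seen = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    foreach ($url in $ServiceUrl) {
        # Unset InternalUrl/ExternalUrl properties come back empty; skip them quietly.
        if ([string]::IsNullOrWhiteSpace($url)) { continue }

        $uri = $null
        if (-not [System.Uri]::TryCreate($url, [System.UriKind]::Absolute, [ref]$uri)) {
            Write-Warning "Skipping value that is not an absolute URL: '$url'"
            continue
        }
        if ($uri.Scheme -ne 'https') {
            # The page asks for HTTPS service principal names only.
            Write-Warning "Not an HTTPS URL, review this endpoint: $url"
            continue
        }

        # Reduce the URL to scheme + host (assumed SPN form: https://host/).
        $candidate = "https://$($uri.Host)"
        if ($seen.Add($candidate) -and -not $known.Contains($candidate)) {
            "$candidate/"
        }
    }
}

# Constructed sample data standing in for the cmdlet output.
$urls = 'https://mail.contoso.example/mapi',
        'https://mail.contoso.example/EWS/Exchange.asmx',
        'https://autodiscover.contoso.example/Autodiscover/Autodiscover.xml',
        ''
$spns = '00000002-0000-0ff1-ce00-000000000000/outlook.office365.com',
        'https://MAIL.contoso.example/'

Get-MissingHmaSpn -ServiceUrl $urls -RegisteredSpn $spns
```

Each value the function returns is a host that clients can reach but that Azure AD does not yet list as an SPN.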

Get-WebServicesVirtualDirectory | FL server,*url*

Get-MapiVirtualDirectory | FL server,*url*

Therefore we first gather all the URLs we need to add as SPNs in Azure AD as follows.

How to configure Exchange Server on-premises to use Hybrid Modern Authentication

First we need to add our on-premises web service URLs as Service Principal Names (SPNs) in Azure AD.

I will use the following post from Microsoft to configure it.

Hybrid Modern Authentication (HMA) is a method of identity management that offers more secure user authentication and authorization, and is available for Exchange Server on-premises hybrid deployments.

Now we can configure our on-premises Exchange Server to use Hybrid Modern Authentication.

If the command returns an empty OAuthServers property, or if the value of the ClientADALAuthOverride property is not Allowed, then modern authentication is disabled.

For more information about the Get-CsOAuthConfiguration cmdlet, see Get-CsOAuthConfiguration.

Also on my on-premises Skype for Business server in my lab environment, modern authentication is disabled.

After that, check whether your on-premises environment meets the prerequisites for modern authentication.

Do you meet modern authentication prerequisites?

We also check the status on our on-premises Skype for Business Server by running the following PowerShell command:

So on the Exchange Servers in my lab environment, modern authentication is disabled.

If the value of the OAuth2ClientProfileEnabled property is False, then modern authentication is disabled.

For more information about the Get-OrganizationConfig cmdlet, see Get-OrganizationConfig.

Turn on Modern Authentication for Exchange Online

Before you enable modern authentication for your on-premises environment, please check that you have enabled it for Exchange Online first.

Follow the instructions here: Exchange Online: How to enable your tenant for modern authentication.

First we check the status on our on-premises Exchange Server by running the following PowerShell command:
