By default, the Modern Authentication required for third-party SAML SSO to work with Microsoft 365 is enabled for Exchange Online, though this setting can be changed by administrators. Before you continue to set up SSO, you’ll want to verify that it is enabled in your organization. To read more on Modern Authentication and how it affects Office applications, see Microsoft's Modern Authentication and Office Applications.
Verify Modern Authentication is enabled
Using Exchange Online Powershell
- On a Microsoft Windows X86-based computer, run PowerShell as an administrator.
- Connect to Exchange Online PowerShell and run the following:
- Import-Module ExchangeOnlineManagement
- Connect-ExchangeOnline -UserPrincipalName <UPN>
- Verify Modern Authentication is turned on:
Get-OrganizationConfig | Format-Table Name,OAuth* -Auto
- You should see results like this:
Name OAuth2ClientProfileEnabled
---- --------------------------
testdomaincom.onmicrosoft.com True
- If Modern Authentication isn’t enabled, enable it:
Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
Using Microsoft 365 admin center
- Log in to the Microsoft 365 admin center.
- Navigate to Settings > Org Settings > Modern Authentication.
- Verify Turn on modern authentication for Outlook 2013 for Windows and later (recommended) is checked. If not, select the checkbox.
- Click Save.