Enable Modern Authentication for Microsoft 365

By default, the Modern Authentication required for third-party SAML SSO to work with Microsoft 365 is enabled for Exchange Online, though this setting can be changed by administrators. Before you continue to set up SSO, you’ll want to verify that it is enabled in your organization. To read more on Modern Authentication and how it affects Office applications, see Microsoft's Modern Authentication and Office Applications

Verify Modern Authentication is enabled

Using Exchange Online Powershell

  1. On a Microsoft Windows X86-based computer, run PowerShell as an administrator.
  2. Connect to Exchange Online PowerShell and run the following:
    • Import-Module ExchangeOnlineManagement
    • Connect-ExchangeOnline -UserPrincipalName <UPN>
  3. Verify Modern Authentication is turned on:

Get-OrganizationConfig | Format-Table Name,OAuth* -Auto

  1. You should see results like this:

          Name                        OAuth2ClientProfileEnabled
          ----                        --------------------------
          testdomaincom.onmicrosoft.com                True

  1. If Modern Authentication isn’t enabled, enable it:

Set-OrganizationConfig -OAuth2ClientProfileEnabled $true

Using Microsoft 365 admin center

  1. Log in to the Microsoft 365 admin center.
  2. Navigate to Settings > Org Settings > Modern Authentication
  3. Verify Turn on modern authentication for Outlook 2013 for Windows and later (recommended) is checked. If not, select the checkbox.
  4. Click Save.
Back to Top

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case