Enable Modern Authentication for Microsoft 365

By default, the Modern Authentication required for third-party SAML SSO to work with Microsoft 365 is enabled for Exchange Online, though this setting can be changed by administrators. Before you continue to set up SSO, you’ll want to verify that it is enabled in your organization. To read more on Modern Authentication and how it affects Office applications, see Microsoft's Modern Authentication and Office Applications

To verify if Modern Authentication is enabled:

  1. Install the Azure Active Directory Module for Windows PowerShell.
  2. Connect to Exchange Online and check if Modern Authentication is turned on by entering the following commands in order:
    • Store your Office 365 admin credentials: $UserCredential = Get-Credential
    • Create the Office 365 Session:​
      $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
    • Connect to the Office 365 Exchange session:
      Import-PSSession $Session -DisableNameChecking
    • Run command to verify Modern Authentication:
      Get-OrganizationConfig | Format-Table Name,OAuth* -Auto
    • You should see results like this:

          Name                        OAuth2ClientProfileEnabled
          ----                        --------------------------
          testdomaincom.onmicrosoft.com                True

  1. If Modern Authentication isn’t enabled, run the following command to enable it:
    Set-OrganizationConfig -OAuth2ClientProfileEnabled $true

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case