Modern Authentication configuration requirements for transition from Office 365 dedicated/ITAR to vNext
Summary
This article describes configuration requirements for Modern Authentication after a transition from Microsoft Office 365 dedicated/ITAR to vNext, depending on Outlook version.
More Information
The configuration requirements vary, depending on the Outlook version. The following table outlines the requirements and includes links to related articles.
| Outlook version | Modern auth support | EnableADAL reg key required | AlwaysUseMSOAuthForAutodiscover reg key required | MAPI/HTTP required (remove any blocks currently) |
|---|---|---|---|---|
| Outlook 2016 | Yes | No | Yes | Yes |
| Outlook 2013 | Yes | Yes | Yes | Yes |
| Outlook 2010 | No | Not available | Not available | Not available |
Important
Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.
Outlook 2010
- Modern Authentication is not supported.
- Users use Basic Authentication and may be prompted multiple times for credentials.
Outlook 2013
Modern Authentication is not enabled by default.
Modern Authentication can be enabled by setting the DWORD value to 1 in the following registry subkeys:
HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\EnableADALHKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\VersionFor more information, see Enable Modern Authentication for Office 2013 on Windows devices.
It is recommended that users force Outlook to use Modern Authentication by setting the DWORD value of the following registry key to 1.
HKEY_CURRENT_USER\Software\Microsoft\Exchange\AlwaysUseMSOAuthForAutoDiscover
Outlook 2016
Modern Authentication is enabled by default.
It is recommended that users force Outlook to use Modern Authentication by setting the DWORD value of the following registry key to 1:
HKEY_CURRENT_USER\Software\Microsoft\Exchange\AlwaysUseMSOAuthForAutoDiscover
For more information, see Outlook prompts for password and doesn't use Modern Authentication to connect to Microsoft 365.
MAPI/HTTP cannot be disabled. For more information, see Outlook 2010, 2013, 2016, or Outlook for Microsoft 365 doesn't connect Exchange using MAPI over HTTP as expected.
Skype for Business or Lync 2013
Recommend that users enable Modern Authentication after the Skype migration is completed.
Recommend that users enable the following registry keys if you use Modern Authentication for Exchange. To do that, set the DWORD value to 1.
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\Lync\ AllowAdalForNonLyncIndependentOfLyncHKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Lync\ AllowAdalForNonLyncIndependentOfLync