Share via

About modern authentiation

Kuronuma 230 Reputation points
2024-08-01T06:08:14.6466667+00:00

In Microsoft365, the modern authentication function allows you to access Outlook and Teams without authentication if you have signed in to a computer or account once. *I think the period is currently set to 90 days. I was considering turning off this modern authentication function, but at the time of implementation, the vendor told me that the function was not available and that I could not set the period to 0 days, so I gave up. questions Is it possible to turn off the modern authentication function? I recently found the following article. https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/enable-or-disable-modern-authentication-in-exchange-online

If the above is possible, what will happen to modern authentication for other Microsoft365 services such as Teams?

I am using IIj as my authentication infrastructure. Are there any possible effects?

Are there any effects or disadvantages to turning off the modern authentication function?

If you turn it off, what will be the scope? (Per account, per tenant, per function such as Outlook, etc.)

Microsoft Exchange
Microsoft Exchange
Microsoft messaging and collaboration software.
522 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,451 questions

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Muffuh Bertrand Akehmbom 0 Reputation points
    2024-08-01T06:45:09.3233333+00:00

    Hello Kuronuma

    My name is Muffuh Bertrand and i'm an independent advisor and a Microsoft user like you.

    Regarding your issue, please note Modern authentication in Microsoft 365 enables features like multi-factor authentication (MFA), certificate-based authentication, and OAuth-based authentication for applications like Outlook and Teams. It enhances security by requiring users to reauthenticate periodically or when accessing sensitive resources.

    If you wish to disable modern authentication or adjust its settings, including reducing the token lifetime (the period after which users need to reauthenticate), you typically need administrative access to the Microsoft 365 Admin Center or Azure Active Directory (Azure AD) portal. Here’s a general approach to disabling modern authentication:

    1. Access Microsoft 365 Admin Center or Azure AD Portal: Sign in with administrative credentials.
    2. Navigate to Azure Active Directory settings: Depending on your setup, you may find these settings in the Azure portal under Azure Active Directory > Security > Conditional Access, or directly in the Microsoft 365 Admin Center under Settings > Org settings > Security & privacy.
    3. Disable Modern Authentication: Look for settings related to modern authentication, often found in Conditional Access policies or Authentication methods. You may have options to disable it entirely or adjust settings such as token lifetimes.

    Keep in mind that turning off modern authentication affects the way users authenticate to Microsoft applications, and it is generally not recommended due to security vulnerabilities associated with basic authentication.

    If you also want to adjust settings regarding the authentication period, you typically cannot set it to 0 days. The default authentication period is indeed often set to 90 days, and this is primarily determined by security policies within Microsoft 365. For more granular control over user sessions, you might look into configuring specific conditional access policies that meet your organization's needs.

    Hope this helps. Please feel free to repost or submit your vote. Your vote will make your post superior content and help other users in the community facing the same issue.

    in good faith,

    Bertrand

  2. Noah Ma-MSFT 2,725 Reputation points Microsoft Vendor
    2024-08-01T09:12:57.2766667+00:00

    Hi @Kuronuma ,

    Welcome to the Microsoft Q&A platform!

    For your concerns, I have the following to share with you.

    It is possible to turn off modern authentication for Exchange Online by the article you provided above. And if you disable modern authentication for one service, it doesn’t automatically disable it for other services.

    There are several disadvantages when you turn off modern authentication.

    • Modern authentication uses OAuth tokens, which are more secure compared to basic authentication.
    • Users might need to enter their passwords more frequently, reducing the convenience offered by modern authentication.
    • Some newer Microsoft 365 features and functionalities depend on modern authentication and may not work correctly if it’s disabled.

    The scope of turning off modern authentication typically applies at the service level for the entire tenant. For example, if you disable modern authentication for Exchange Online via the Microsoft 365 admin center or PowerShell, it will affect all users in your tenant who use that service.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it.

    0 comments
  3. David Broggy 5,716 Reputation points MVP
    2024-08-01T13:30:38.2266667+00:00

    Hi Kuronuma,

    Let me provide a different perspective:

    1. don't disable Modern Authentication
    2. really put some time into learning the features of conditional access and how to set the sign in frequency. Great article here:

    https://office365itpros.com/2023/03/14/azure-ad-sign-in-frequency-guests/#:~:text=Azure%20AD%20sign%2Din%20frequency%20is%20the%20period%20before%20a,for%20its%20sign%2Din%20frequency.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.