![skype for business known issues skype for business known issues](https://3k09.files.wordpress.com/2021/06/computer-3655479_1920.png)
Get-WebServicesVirtualDirectory | FL server,*url*,*oauth* Get-MapiVirtualDirectory | FL server,*url*,*auth* Now verify OAuth is properly enabled in Exchange on all of the Virtual Directories Outlook might use by running the following commands: In my case is still listed and also used for OWA. Set-MSOLServicePrincipal -AppPrincipalId 00000002-0000-0ff1-ce00-000000000000 -ServicePrincipalNames $x.ServicePrincipalNames If you don’t see your internal and external MAPI/HTTP, EWS, ActiveSync, OAB, and Autodiscover records in this list, you must add them using the command below (the example URLs are ‘’ and ‘’, but you’d replace the example URLs with your own): $x= Get-MsolServicePrincipal -AppPrincipalId 00000002-0000-0ff1-ce00-000000000000 If there are URLs from your on-premises that are missing, we will need to add those specific records to this list. Take note of (and screenshot for later comparison) the output of this command, which should include an and URL, but mostly consist of SPNs that begin with 00000002-0000-0ff1-ce00-000000000000/. The Application ID 00000002-0000-0ff1-ce00-000000000000 belongs to Exchange Online which you can see in Azure Enterprise applications. Get-MsolServicePrincipal -AppPrincipalId 00000002-0000-0ff1-ce00-000000000000 | select -ExpandProperty ServicePrincipalNames # For your Exchange-related URLs, type the following command: Now we need to connect to the Azure AD using the Connect-MsolService command as follows. Get-AutodiscoverVirtualDirectory | FL server,*url*Įnsure the URLs clients may connect to are listed as HTTPS service principal names in AAD Get-OABVirtualDirectory | FL server,*url* Get-ClientAccessServer | fl Name, AutodiscoverServiceInternalUri Get-WebServicesVirtualDirectory | FL server,*url* Get-MapiVirtualDirectory | FL server,*url* Therefore we first gather all the URLs we need to add as SPN in Azure AD as follows.
#SKYPE FOR BUSINESS KNOWN ISSUES HOW TO#
How to configure Exchange Server on-premises to use Hybrid Modern Authenticationįirst we need to add our on-premises web service URLs as Service Principal Names (SPNs) in Azure AD.
![skype for business known issues skype for business known issues](https://www.healthcare.uiowa.edu/ncec/_images/SA002-Skype-Business-Web-App.jpg)
I will use the following post from Microsoft to configure it. Hybrid Modern Authentication (HMA) is a method of identity management that offers more secure user authentication and authorization, and is available for Exchange server on-premises hybrid deployments.
![skype for business known issues skype for business known issues](https://www.healthworkscollective.com/wp-content/uploads/2013/09/shutterstock_154645709-100x100.jpg)
Now we can configure our on-premises Exchange Server to use Hybrid Modern Authentication. If the command returns an empty OAuthServers property, or if the value of the ClientADALAuthOverride property is not Allowed, then modern authentication is disabled.įor more information about the Get-CsOAuthConfiguration cmdlet, see Get-CsOAuthConfiguration.Īlso on my on-premises Skype for Business server in my lab environment, modern authentication is disabled.Īfter that check if your on-premises environment meets the prerequisites for modern authentication.ĭo you meet modern authentication prerequisites?
![skype for business known issues skype for business known issues](https://images-na.ssl-images-amazon.com/images/I/414vCq-XNzL._SX342_SY445_QL70_ML2_.jpg)
We also check the status on our on-premises Skype for Business Server by running the following PowerShell command: So on the Exchange Servers in my lab environment, modern authentication is disabled. If the value of the OAuth2ClientProfileEnabled property is False, then modern authentication is disabled.įor more information about the Get-OrganizationConfig cmdlet, see Get-OrganizationConfig. Turn on Modern Authentication for Exchange Onlineīefore you enable modern authentification for your on-premises environment, please check that you enabled it first for Exchange Online.įollow the instructions here: Exchange Online: How to enable your tenant for modern authentication.įirst we check the status on our on-premises Exchange Server by running the following PowerShell command: