That plus the fact that I have 100% positive results with the validation script ( ), is making me think I'm not way out in left field.Īgain, the "Configure Hybrid Modern Authentication" article doesn't make any changes to existing authentication settings on virtual directories, other than to add OAuth if necessary to MAPI, EWS, OAB, and Autodiscover. When enforcing via Conditional Access, I can successfully limit the latter to only compliant devices (which I've enrolled to Intune). I will also add that I test successfully with Outlook for Android and can setup both "Exchange" and "Exchange (Hybrid)" accounts. I really think it would help with adoption since the impact to existing ActiveSync clients is a lot less than customers might otherwise assume. My testing with Exchange 2016 CU16 confirms these findings, but it would be nice to have it confirmed as the expected behavior. I'd like to fact check this understanding before I submit a pull request to include this info in the article. Existing ActiveSync devices (Outlook for iOS and Android and other modern authentication ActiveSync clients included) will continue to work using Basic authentication and won't automatically change over to HMA.Non modern authentication ActiveSync clients can still use Basic authentication. If unable to get through due to Conditional Access policy, the user can successfully choose to do manual setup and get through using basic authentication. New setups with Outlook for iOS and Android and other modern authentication ActiveSync clients will follow the HMA.But in reality (of my testing with vanilla Exchange 2016 CU16), it seems as though the impacts to ActiveSync clients are mainly: The way all HMA documentation is described, including the announcement blog post, it sounds as though all existing clients are at risk of stopping to work if they can't do modern auth.
The reason I ask is that, if I am right, then this could really stand to be included in a purple note at the top of the docs article (link at the top of this post). Both these things seem to align with the fact that the process of enabling HMA doesn't involve disabling any authentication mechanisms.Īm I misunderstanding this, or do I not have it right?
It also seems that I can setup new basic authentication ActiveSync devices after HMA has been enabled. I have found in testing that simply enabling Hybrid Modern Authentication doesn't impact existing, allowed (via Exchange ABQ/(default)device access rule(s)) ActiveSync devices.
0 kommentar(er)
