

With the release of Exchange Server 2019 CU13, Exchange Server supports OAuth 2.0 (also known as Modern authentication) for pure on-premises environments using ADFS as a security token service (STS). This document provides the prerequisites and steps to enable this feature. To use Modern auth, users need clients (Outlook or any other native OS clients) that support Modern auth using ADFS. Initially, this feature is available only for Outlook on Windows, but support for Modern auth will be added to other Outlook clients in the future. Modern auth in Exchange Server 2019 shouldn't be confused with Hybrid Modern Authentication (HMA), which uses Azure AD for modern authentication. In fact, HMA is still the only recommended method to enable Modern auth for all on-premises and cloud users in an Exchange Hybrid configuration. This new feature allows Modern auth use by customers who don’t have Azure AD or aren't in an Exchange Hybrid configuration.

How will Modern Authentication work and is this feature applicable to me?

With Modern auth, users can authenticate to Exchange using ADFS. When Modern auth is enabled for a user, their Outlook client is redirected to ADFS. Users can then authenticate by providing credentials or performing multi-factor authentication. Once ADFS authenticates a user, it generates access tokens. These access tokens are validated by Exchange Server to provide client access to the user’s mailbox.

The following diagram illustrates the coordination between Exchange Server, ADFS and Outlook to authenticate a user using Modern auth. In the above chart, steps 3a, 4a, 5a and 6a take place when Modern auth is enabled for the end user.
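The checks a resource server applies when it validates an STS-issued access token, as in the flow this page describes, shown as an added illustration that is not from the original page and is not Exchange Server or ADFS code. The issuer, audience, key and claim names are constructed, and HMAC-SHA256 stands in for the STS signature so the example runs with the Python standard library only.

```python
import base64, hashlib, hmac, json, time

# Constructed values: stand-ins for the STS issuer and the mail server's resource URI.
ISSUER = "https://adfs.example.test/adfs"
AUDIENCE = "https://mail.example.test/"
KEY = b"constructed-demo-key"  # assumption: HS256 stand-in for the STS signing key

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(claims, key=KEY, alg="HS256"):
    """STS side: serialize header and claims, then sign them."""
    head = _b64(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def validate_token(token, now=None):
    """Resource-server side: return the claims, or raise ValueError with the reason."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_unb64(head)), json.loads(_unb64(body))
        signature = _unb64(sig)
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise TypeError("header and claims must be JSON objects")
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if header.get("alg") != "HS256":  # pin the algorithm; do not let the token choose it
        raise ValueError("unexpected algorithm")
    expected = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):  # constant-time comparison
        raise ValueError("bad signature")
    if claims.get("iss") != ISSUER:    # issued by the STS this server trusts
        raise ValueError("untrusted issuer")
    if claims.get("aud") != AUDIENCE:  # minted for this resource, not another one
        raise ValueError("wrong audience")
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        raise ValueError("token expired")
    return claims

def sample_claims(now):
    """Constructed claim set for a one-hour token."""
    return {"iss": ISSUER, "aud": AUDIENCE, "upn": "user@example.test", "exp": now + 3600}
```
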
