![]() In Part 2 we dive into running Key Health Indicators or (KHI) for short on your servers. In part one of this series I introduced the Microsoft Call Quality Methodology and have a high level overview of what CQM was and how you could start your journey to improving user experience for your Lync or Skype for Business Server deployment. If you support both Office 20 then you will need to follow the steps above. If you are running Office 2016 then you will already have support for Modern Auth so you will not have to make any changes to your environment. HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\Version HKCU\SOFTWARE\Microsoft\Office\15.0\Common\Identity\EnableADAL ![]() ![]() To enable the in-band setting on the Lync server, run the following cmdlet: $a = New-CsClientPolicyEntry -name AllowAdalForNonLyncIndependentOfLync -value "True" Set-CsClientPolicy -Identity Global -PolicyEntry enable Modern Authentication for Office 2013 applications on a Windows-based device, you must set an additional registry key: Note This option is available through the September PU only. HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Lync Method 2: As an in-band setting on the Lync server HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\Lyncįor Skype for Business or Lync 2013 clients 16.0*: Note The option to enable this setting through Group Policy is available only after you apply the July, 2015 Public Update (PU).įor Skype for Business or Lync 2013 clients 15.0* (available from the September 2015 PU only): KB3082803 goes into detail on how to do this. That’s certainly a mouthful! The Allow AllowAdalForNonLyncIndependentOfLync setting in Skype for Business allows you to provide the Modern Auth experience for users of Office 2013 so they don’t need to use the MFA password in their client. However, it’s also a tedious one to have to enter into your client or phone. You can have the users request and enter an MFA password for their Skype client or you can enable support for the Office 2013 user.Ĭlearly this would be a hard password to guess which makes it secure. IssueĪny pre-office 2016 Skype client is not ADAL/MFA aware and as such when you sign onto Skype for Business or Lync Server, the client fails to connect to the Exchange mailbox for clients that have MFA enabled. This enables sign-in features such as Multi-Factor Authentication (MFA). MFA is a feature provided by Modern authentication which brings Active Directory Authentication Library (ADAL)-based sign-in to Office client apps across platforms. Why might we enable MFA? As the name implies you want to have multiple layers of security to ensure a user is really that user. Specifically, I am referring to customers that have moved to Exchange Online and have Skype for Business Server installed on their premises. With more and more customers adopting the Enterprise Mobility Suite I am encountering customers that run into issues with turning on Microsoft Multi-Factor Authentication (MFA) within Office365 and not being fully prepared for how that impacts the Skype for Business client.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |