Forum Discussion

Andrew_Husking's avatar
Feb 22, 2016

Office 365's new "Modern Auth"

Hi All,

 

We've just heard a rumor that Microsoft have released a new authentication model for Office 365 which they are using with Exchange Online and Skype for Business to start with.

 

Now we have been told that with this new authentication model that ADFS being fronted by APM for authentication/acting as an ADFS proxy is not and will not be supported due to the change in the way authentication works. From what we can tell, it will only break application clients (ActiveSync/Office/Skype) that aren't just a web page, but we really don't have much detail.

 

Does anyone have any experience with Office 365 off-prem setups and the new Modern Authentication model? Can anyone confirm that it doesn't in fact work? Is there anyone from F5 who has advice on if it's on the road map for being fixed/addressed/investigated?

 

Thanks in advanced.

 

  • If Azure AD is the IDP, then APM cannot be used to provide authentication. It can only be used in front of on-prem ADFS, another on-premier IDP, or having APM itself be an IDP to Office 365

  • ndaems's avatar
    ndaems
    Icon for Nimbostratus rankNimbostratus

     Hi,

    Even if this post if very old we are trying to implement ModernAuth on our Hybrid infrastructure

     

    We would like to use Azure AD as an IdP. Today we stuck as we never get the password popup in outlook.

     

    Can you please describe how you did this setup especially how you've been able to redirect Outlook to the APM Logon Page ?

     

    Thank you

     

    Nicolas

  • Andrew,

     

    I am not sure where you're getting the information about Modern Authentication breaking APM-as-ADFS-proxy deployment, but I think there may be some confusion going on around this change.

     

    Modern Authentication mode, aka ADAL, are leverage web browser for authentication of thick clients, and such mode of authentication is fully compatible with APM. If anything, support for Modern Authentication brings out additional opportunities for F5 customers who are using APM because they are free to leverage a multitude of MFA options to secure access to Office 365 and potentially simplify their federation configuration by having APM federate users to Office 365 instead of ADFS.

     

    To get an idea of what new possibilities Modern Authentication brings, check out this video that I recorded about securing access to Officee 365 from the full Outlook client leveraging MFA. https://www.youtube.com/watch?v=s5W6cgrxyrY