By default, the Modern Authentication required for third-party SAML SSO to work with Microsoft 365 is enabled for Exchange Online, though this setting can be changed by administrators. Before you continue to set up SSO, you’ll want to verify that it is enabled in your organization. To read more on Modern Authentication and how it affects Office applications, see Microsoft's Modern Authentication and Office Applications.
To verify if Modern Authentication is enabled:
- Connect to Microsoft 365 with Microsoft Graph PowerShell.
- Connect to Exchange Online and check if Modern Authentication is turned on by entering the following commands in order:
  - Store your Office 365 admin credentials: $UserCredential =
  - Create the Office 365 Session:
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
  - Connect to the Office 365 Exchange session:
    Import-PSSession $Session -DisableNameChecking
  - Run command to verify Modern Authentication:
    Get-OrganizationConfig | Format-Table Name,OAuth* -Auto
  - You should see results like this:
    Name                          OAuth2ClientProfileEnabled
    ----                          --------------------------
    testdomaincom.onmicrosoft.com True
- If Modern Authentication isn’t enabled, run the following command to enable it:
  Set-OrganizationConfig -OAuth2ClientProfileEnabled $true