
If you’re using a Standard Edition server as in my case, the internal URL will be blank. In this case, use the pool FQDN for the internal URL.

Now we need to add our on-premises web services URLs as SPNs in Azure AD. Now you’ll need to run commands to add the URLs (collected earlier) as Service Principals in SFBO.

Note: Service principal names (SPNs) identify web services and associate them with a security principal (such as an account name or group) so that the service can act on the behalf of an authorized user. Clients authenticating to a server make use of information that’s contained in SPNs.

Now we need to connect to the Azure AD using the Connect-MsolService command as follows.

For your SFB-related URLs, type the following command:

Get-MsolServicePrincipal -AppPrincipalId 00000004-0000-0ff1-ce00-000000000000 | Select -ExpandProperty ServicePrincipalNames

The Application ID 00000004-0000-0ff1-ce00-000000000000 belongs to Skype for Business Online, which you can see in Azure Enterprise applications.

Turn on Modern Authentication for Skype for Business Online

Before you enable modern authentication for your on-premises environment, please check that you enabled it first for Skype for Business Online.

Follow the instructions here: Skype for Business Online: Enable your tenant for modern authentication.

First we will create a file to hold the info you’ll need for configuring HMA in the steps ahead.

The GUID that represents your Office 365 tenant (at the login of ).

You’ll need internal and external web service URLs for all SfB pools deployed. To obtain these, run the following from Skype for Business Management Shell:

Get-CsService -WebServer | Select-Object PoolFqdn, InternalFqdn, ExternalFqdn | FL
How to configure Skype for Business on-premises to use Hybrid Modern Authentication

I will use the following post from Microsoft to configure it.

Modern Authentication, a method of identity management that offers more secure user authentication and authorization, is available for Skype for Business server on-premises and Exchange server on-premises, and split-domain Skype for Business hybrids.

Now we can configure our on-premises Skype for Business Server to use Hybrid Modern Authentication.

Skype for Business topologies supported with Modern Authentication

First we check the status on our on-premises Skype for Business Server by running the following PowerShell command:

If the command returns an empty OAuthServers property, or if the value of the ClientADALAuthOverride property is not Allowed, then modern authentication is disabled.

For more information about the Get-CsOAuthConfiguration cmdlet, see Get-CsOAuthConfiguration.

Also on my on-premises Skype for Business server in my lab environment, modern authentication is disabled.

After that, check whether your on-premises environment meets the prerequisites for modern authentication.

Oh, apparently the good news doesn’t stop here – the SharePoint Online PowerShell module also has ADAL support now.
You can download the new version (.0 or 7.0.0.0 as reported via PowerShell) from the Microsoft Download Center here:

With that, there’s practically no excuse to not have some form of MFA enabled for all you tenant admins.

You will be connected and the SfB Online cmdlets downloaded.

The difference is that instead of passing a Credentials object, you can use New-CsOnlineSession with just the username to trigger the ADAL flow:

New-CsOnlineSession -UserName

Behind the scenes, this will fire up the Get-CsAccessToken cmdlet to obtain the token from Azure AD.

The familiar dialog will pop up and after entering the password, you will have to perform the second-factor authentication, in this case Azure MFA.

And pretty much that’s it.

Short, but important – a new version of the Skype for Business PowerShell module has been released, which brings support for ADAL. Finally!

Connecting to SfB Online PowerShell works as before: you need to use New-CsOnlineSession to create a session, then use Import-PSSession to download all the cmdlets.
