Can't force Modern Authentication when using Connect-SPOService cmdlet in SharePoint Online Management Shell


You can't force Modern Authentication when you use the Connect-SPOService cmdlet in Microsoft SharePoint Online Management Shell, unless you add an undocumented registry key to your client computer.


This issue can occur if you added an Active Directory Federation Services (ADFS) claim rule to block legacy authentication requests when these requests don't originate from your expected IP range. The Connect-SPOService cmdlet uses legacy authentication but doesn't pass along the IP range information, so the cmdlet is blocked.



Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, back up the registry for restoration in case problems occur.

To work around this issue, add the following registry subkey on the client computer to force Modern Authentication.


"ForceOAuth" = dword:00000001

More information

Still need help? Go to Microsoft Community.

Expand your Office skills
Explore training
Get new features first
Join Office Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.