Removing or disabling modern authentication from Skype for Business and Exchange

If you've enabled Hybrid Modern Authentication (HMA) only to find it's unsuitable for your current environment, you can disable HMA. This article explains how.

Who is this article for?

If you've enabled Modern Authentication in Skype for Business Online or On-premises, and/or Exchange Online or On-premises and found you need to disable HMA, these steps are for you.

Important  See the 'Skype for Business topologies supported with Modern Authentication' article if you're in Skype for Business Online or On-premises, have a mixed-topology HMA, and need to look at supported topologies before you begin.

How to disable Hybrid Modern Authentication (Exchange)

  1. Exchange On-premises: Open the Exchange Management Shell and run the following command.

    1. Set-OrganizationConfig -OAuth2ClientProfileEnabled $false

    2. Set-AuthServer -Identity evoSTS -IsDefaultAuthorizationEndpoint $false

  2. Exchange Online: Connect to Exchange Online with Remote PowerShell. Run the following command to turn your OAuth2ClientProfileEnabled flag to 'false'.

    1. Set-OrganizationConfig -OAuth2ClientProfileEnabled:$false

How to disable Hybrid Modern Authentication (Skype for Business)

  1. Skype for Business On-premises: Run the following commands in Skype for Business Management Shell.

    1. Set-CsOAuthConfiguration -ClientAuthorizationOAuthServerIdentity ""

  2. Skype for Business Online: Connect to Skype for Business Online with Remote PowerShell. Run the following command to disable Modern Authentication.

    1. Set-CsOAuthConfiguration -ClientAdalAuthOverride Disallowed

Link back to the Modern Authentication overview.

Expand your Office skills
Explore training
Get new features first
Join Office Insiders

Was this information helpful?

Thank you for your feedback!

Thank you for your feedback! It sounds like it might be helpful to connect you to one of our Office support agents.

×