When the user contacts the and the access is blocked, the HTML page you saw in the screenshot above is returned. You can see that the Modern Authentication is enabled from the mex service Looking at the Fiddler trace, you see the client connecting to Skype for Business online.
If you are in a federated domain scenario, the client fist goes to O365 AD, then to the On-Premises ADFS and then back to Online. In my case I don’t have a federated domain. After adding the correct credentials, the request is either blocked in case of conditional access, additional sing-in required if MFA is enabled or the client continues to the normal sing-in on the Skype for Business server.A credentials prompt is shown to the user.It gets redirected to Azure AD since the Modern Authentication is enabled.Skype for Business client tries to authenticate on Skype for Business Online.What happened behind the scenes is the following: This rule has been applied to one O365 group.Īfter enabling the condition access policy (and MF for Skype for Business), the user received the Modern Authentication prompt.Īfter authenticating the following message is shown to the user. In this example, I created a conditional access rule to block access to Skype for Business for all devices but Android. More information about conditional access is available here. You also need at least an Azure AD Premium Plan 1 assigned to the user. Since these features are available only when Modern Authentication is available, Skype for Business Online needs to be enabled for it and the client has to support modern authentication. Together with Conditional Access, Modern Authentication enables Muilti Factor Authentication capabilities, Certificate Based Authentication and Mobile Device Management/Mobile Application Management. Modern Authentication is the Microsoft oAuth implementation and it uses ADAL which is the Active Directory Authentication Library used in Office 365.
Using modern authentication, you can work around this ‘limitation’ by implementing a Conditional Access Policy on Azure AD.Ĭonditional access is one of the features available with the Microsoft Modern Authentication. In some scenarios, customers might want to block the access from specific devices for specific group of users.īy default, Skype for Business Online doesn’t give you the possibility to block specific devices.
#How to use skype online license
Every time an Office 365 license which includes a Skype For Business Plan is assigned to a user on O365, this user can access Skype for Business from any device.
0 kommentar(er)
