Diferences between basic and modern authentication with SSO on Outlook and O365

Hi,

On the project where I’m working (staged migration to O365) the costumer asked me about secure authentication for ActiveSync devices (iPhone/iPAD) and  computers (outlook 2010 SP2). I have implemented ADFS 3.0.

If you use Office 2010, the first time you configure Outlook it promt for credentials and it saves this on the Windows Credentials Manager. After, Outlook go to autenticate to Office 365 using Basic Authentication and is Office 365 who go after to ADFS.

O365BasicAuth

With Outlook 2013/2016 Outlook use Windows Authentication. It´s a real SSO because doesn’t save your user credentials on any place and it is who goes to ADFS and not O365. It is using Modern Authentication.

MAuth

Summarizing: Use Outlook 2013 or 2016 to have a real Single Sign On.

Note 1: Outlook 2013 by default uses Basic Auth, you need to activate Modern Auth.

Note 2: iOS built in email client uses Basic Auth. Install and use Outlook 2016 App.

References:

Modern Authentication:

https://blogs.office.com/2014/11/12/office-2013-updated-authentication-enabling-multi-factor-authentication-saml-identity-providers/

https://blogs.office.com/2015/03/23/office-2013-modern-authentication-public-preview-announced/

https://blogs.office.com/2015/11/19/updated-office-365-modern-authentication-public-preview/

https://support.office.com/en-us/article/How-modern-authentication-works-for-Office-2013-and-Office-2016-client-apps-e4c45989-4b1a-462e-a81b-2a13191cf517?ui=en-US&rs=en-US&ad=US

https://blogs.office.com/2015/06/10/new-access-and-security-controls-for-outlook-for-ios-and-android/

Basic Authentication:

https://blogs.technet.microsoft.com/askpfeplat/2014/08/24/adfs-deep-dive-primer/

https://www.microsoft.com/en-us/download/details.aspx?id=28971

 

Anuncios

Responder

Introduce tus datos o haz clic en un icono para iniciar sesión:

Logo de WordPress.com

Estás comentando usando tu cuenta de WordPress.com. Cerrar sesión / Cambiar )

Imagen de Twitter

Estás comentando usando tu cuenta de Twitter. Cerrar sesión / Cambiar )

Foto de Facebook

Estás comentando usando tu cuenta de Facebook. Cerrar sesión / Cambiar )

Google+ photo

Estás comentando usando tu cuenta de Google+. Cerrar sesión / Cambiar )

Conectando a %s