Skype for Business mobile users can't sign in when Modern Authentication is enabled

PROBLEM
Consider the following scenario:

  • Modern Authentication is enabled in your organization.
  • Azure Multi-Factor Authentication (MFA) is also enabled in the organization.
In this scenario, Skype for Business users on iOS and Android mobile devices can't sign in when multi-factor authentication is required and when the Skype for Business organization isn't a pure online organization.
SOLUTION
For on-premises deployments: Modern Authentication for Skype for Business Server 2015 was released in the March 2016 Cumulative Update (CU2). Additionally, both iOS and Android apps have been updated to support Modern Authentication with Skype for Business Server 2015.

To resolve this issue:
  1. Install the March 2016 (or later) cumulative update for Skype for Business Server 2015.
  2. Set up Modern Authentication following the steps in How to use Modern Authentication (ADAL) with Skype for Business.
  3. Install SfB for iOS version 6.3 or later.
  4. Install SfB for Android version 6.2.0.3 or later.

Note Lync Server 2013 does not support Modern Authentication.

  • For Office 365 tenants (pure online): Multi-Factor Authentication is supported when you use Modern Authentication in a pure online organization. Enabling Modern Authentication for your Skype for Business Online tenant is a pre-requisite before the mobile apps can leverage Modern Authentication. Modern Authentication is OFF by default in for Skype for Business in Office 365, tenant admins need to first enable their tenant for Modern Authentication. 
  • For Skype for Business hybrid deployments:
    • Modern Authentication is supported in hybrid deployments in which users are homed in Skype for Business Server 2015 and have a mailbox in Exchange Online and Modern Authentication is enabled for both. 
    • Currently Modern Authentication is not supported for Skype for Business Server 2015 and Skype for Business Online split domain hybrid deployments.

MORE INFORMATION
  • A pure online deployment is one in which all your users are in Skype for Business Online.
  • An on-premises deployment is one in which all your Skype for Business users are homed in a Lync Server or Skype for Business Server environment.
  • A hybrid deployment is one in which some of your Skype for Business users are on-premises, and other users are in Skype for Business Online, and both groups share the same domain.

Still need help? Go to the Office 365 Community website.
Properties

Article ID: 3126604 - Last Review: 07/12/2016 09:13:00 - Revision: 5.0

Skype for Business Online, Skype for Business, Skype for Business 2015, Skype for Business Server 2015, Skype for Business 2016

  • o365 o365e o365p o365a o365m o365022013 KB3126604
Feedback