for Microsoft 365
Question
With Microsoft 365 modern authentication, the authentication token remains valid for a certain period of time according to Microsoft's specification. Once logged in, the user therefore stays in the session and can continue to use the application for a certain period of time, even from outside the range permitted by HENNGE Access Control.
In this scenario, is there a way to disable modern authentication for Microsoft 365 applications?
Answer
You can disable modern authentication by following the instructions below. The commands in step 2 revoke the users' refresh tokens, which requires them to sign in again.
1. Installation of AzureAD PowerShell V2.0
1-1. Prepare a PC on which AzureAD PowerShell V2.0 can be installed
OS specifications (any of the following)
・Windows 10
・Windows 8.1
・Windows 7 SP1
・Windows Server 2016
・Windows Server 2012 R2
・Windows Server 2012
・Windows Server 2008 R2 SP1
1-2. Installation of .NET Framework 4.5 or higher
If .NET Framework 4.5 or higher is not yet installed, download the installer from the following site. ※This step is not required on Windows 10 and Windows Server 2016.
https://msdn.microsoft.com/en-us/library/5a4x27ek(v=vs.110).aspx
1-3. Installation of Windows Management Framework 5.0
You can download the installer for Windows Management Framework 5.0 from the following site.
※This step is not required on Windows 10 and Windows Server 2016.
For Windows Server 2008 SP1 and Windows 7 SP1, Windows Management Framework 4.0 must be installed first.
https://msdn.microsoft.com/ja-jp/powershell/wmf/5.0/install
1-4. Installation of AzureAD PowerShell V2.0
Open Windows PowerShell and enter the following command.
Install-Module -Name AzureAD
Answer "Y" to all the questions displayed and proceed to the end of the installation.
2. Disable Modern Authentication
2-1. Connect to Azure Active Directory
Enter the following command in Windows PowerShell, then enter the administrator ID and password for Azure Active Directory (the same as the Microsoft 365 administrator ID and password).
Connect-AzureAD
2-2. Disable Modern Authentication (For all users)
To disable modern authentication for all users, enter the following command in Windows PowerShell.
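※Note that it will take some time for the setting to take effect.
※-All $true is specified because Get-AzureADUser otherwise returns only a limited number of users, not the whole directory.
Get-AzureADUser -All $true | Revoke-AzureADUserAllRefreshToken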
2-3. Disable Modern Authentication (For a single user)
To disable modern authentication for an individual user, enter the following command in Windows PowerShell.
Revoke-AzureADUserAllRefreshToken -ObjectId (Get-AzureADUser -SearchString <username>).objectId
Command example:
If the username (UPN) is user@hde.com:
Revoke-AzureADUserAllRefreshToken -ObjectId (Get-AzureADUser -SearchString user@hde.com).objectId
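A variant of step 2-3 for a list of users, shown as an added example that is not part of the original FAQ: it looks each user up by exact UPN (since -SearchString can match more than one account), revokes the refresh tokens, and reports the outcome per user. The function name Revoke-RefreshTokenByUpn is hypothetical, and the script assumes Connect-AzureAD has already been run.

```powershell
# Added example (not from the original FAQ). Requires the AzureAD module
# and an existing Connect-AzureAD session.
function Revoke-RefreshTokenByUpn {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string[]]$UserPrincipalName
    )
    process {
        foreach ($upn in $UserPrincipalName) {
            $status = 'Skipped'
            $validFrom = $null
            try {
                # Exact match on the UPN. -SearchString can match more than
                # one user, which would pass several ids to -ObjectId.
                $escaped = $upn.Replace("'", "''")
                $found = @(Get-AzureADUser -Filter "userPrincipalName eq '$escaped'" -ErrorAction Stop)
                if ($found.Count -ne 1) {
                    $status = "NotUnique ($($found.Count) matches)"
                }
                elseif ($PSCmdlet.ShouldProcess($upn, 'Revoke all refresh tokens')) {
                    Revoke-AzureADUserAllRefreshToken -ObjectId $found[0].ObjectId -ErrorAction Stop
                    # Re-read the user: refresh tokens issued before this
                    # timestamp are no longer accepted. The value may take
                    # some time to update after the revocation.
                    $validFrom = (Get-AzureADUser -ObjectId $found[0].ObjectId).RefreshTokensValidFromDateTime
                    $status = 'Revoked'
                }
            }
            catch {
                $status = "Failed: $($_.Exception.Message)"
            }
            # One result row per requested UPN, suitable for Export-Csv.
            [pscustomobject]@{
                UserPrincipalName = $upn
                Status            = $status
                TokensValidFrom   = $validFrom
            }
        }
    }
}

# Usage with the page's example UPN; -WhatIf previews without revoking.
# Connect-AzureAD
# 'user@hde.com' | Revoke-RefreshTokenByUpn -WhatIf
```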