Action summary
This article explains the procedure to enable modern authentication required for access control using device certificates or OTP (One Time Password) in Exchange Online. You will check the configuration status of your Microsoft 365 tenant and make changes as necessary.
Notes
- The content of this article is based on product specifications as of April 2026 and is subject to change without notice.
- Due to updates or specification changes, some displays and procedures may differ.
- This operation should be performed using an onmicrosoft.com domain user.
- We recommend notifying users in advance as needed.
Procedure
- Access Exchange Online.
Connect to Exchange Online PowerShell (external link) -
Run the following command to check the current settings.
Get-OrganizationConfig | Format-Table Name,OAuth* -AutoIf enabled
If disabled
-
Enable modern authentication for Exchange Online with the following command.
* After running the command, it may take some time for the setting to become enabled.Set-OrganizationConfig -OAuth2ClientProfileEnabled $true* After this setting, the login screen for users who were logging in with legacy authentication may change, so we recommend notifying users in advance.
Reference
- Connect to Exchange Online PowerShell (external link)
- Enable modern authentication in Exchange Online (external link)