Configuring Exchange Online Modern Authentication for Federation

If you are federating EmpowerID with Office 365 and using the Outlook Rich Client, you need to enable modern authentication for Exchange Online. Modern authentication is a Microsoft implementation that enables Office client applications to integrate with third-party Identity Providers using OAuth. This topic demonstrates how to configure Exchange Online to allow federated users to use the Outlook Rich Client.


You must have a licensed corporate Office 365 account, connect EmpowerID to Office 365, and set up SSO with Office 365.

To configure Exchange Online for Modern Authentication

  1. Run Azure AD PowerShell module as an administrator.
  2. Run the following cmdlet to create a credential object:

    $credential = Get-Credential
  3. In the Credentials window that appears, type the username and password for an Office 365 global administrator and click OK.

  4. Once you have connected, run the following cmdlet to create a remote PowerShell session with Exchange Online:

    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $Cred -Authentication Basic -AllowRedirection
  5. Run the following cmdlet to set the session with Exchange Online:

    Import-PSSession $Session
  6. Run the following cmdlet to enable Modern Authentication for Exchange Online:

    Set-OrganizationConfig -OAuth2ClientProfileEnabled:$true
  7. Run the following cmdlet to check that Modern Authentication for Exchange Online has been enabled:

    Get-OrganizationConfig | ft name, *OAuth*
  8. Run the following cmdlet to close the session:

    Remove-PSSession $Session