This document is deliberately technical. It is a summary of the issues related to a Microsoft Office 365 forced change that will occur on February 29, 2020
. Any iEditWeb, Inc. customers that need help with this issue should contact iEditWeb at 651-691-4500 (Minneapolis) or 239-645-4300 (Fort Myers) and schedule a time to resolve these issues before February 29,2020
. This date lands on a Sunday so any emergency support needed to resolve these issues will be billed at the emergency support rate. Furthermore any calls that come on on Monday March 1, 2020
will be placed into a queue and handled in the order they come in.
On February 29, 2020 Microsoft will be changing the security settings for most iEditWeb, Inc. Office 365 customers. The following issues are anticipated as a result of this change.
All accounts that have administrative access will be switched to Multi-factor authentication (MFA).
- If these accounts do not have a valid cell phone number, alternate email address or Microsoft Authenticator, the account holder will lose access completely.
- Accounts that use Microsoft Outlook desktop application will no longer be able to access their email with Outlook.
- These accounts will no longer be able to use PowerShell for administration.
- Accounts created before August, 1 2017 will not be able to use the Microsoft Outlook desktop application until changes are made using PowerShell.
- Of course, PowerShell will not work once these changes are made unless a LOT of extra effort is made.
If for any reason the customer does not work with us before these changes are made automatically, there WILL be more time and as a result expense to resolve these issues.
In order to use the Microsoft Outlook desktop application the users computer must either be in the AzureAD domain or use an application password. These features will not work unless your tenant (the official name of the place all email accounts for your organization are stored) is configured for Modern Authentication. This can ONLY be done using Power Shell. Power Shell will not work if the security changes have already been made. This will require an additional step. These steps will work if done before the security changes have been made. These instructions assume Windows 10. Allow your global administrator access to use Power Shell.
Make it so Power Shell can access Office 365 Exchange server.
- Log into portal.office.com with a global administrator account.
- On the left, select Show All | Exchange.
- Select Permissions
- Click on Organization Management
- Click on the pencil at the top of the list of roles.
- Click on the plus below Members:
- Use this dialog to add yourself to the members list.
- Press OK
- Press Save.
Follow directions at Connect to Exchange Online PowerShell.
This will require your Global Administrator account. Enable Modern Authentication in PowerShell
Once you have successfully connected to your Exchange account with PowerShell, enter the following and press enter.
Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
You may now close PowerShell.
More detailed information here. If the new security settings are already set
If the new security setting are already in place, you will need to temporarily disable them.
- Log into https://portal.azure.com with your global administrator account.
- At the top, click on the Azure Active Directory Icon.
- Click on properties on the left menu.
- Click on "Manage Security defaults" at the bottom of the page.
- Under "Enable Security Defaults" click No.
- Click "My organization is using Conditional Access"
- Click the Save Button.
- You can now use PowerShell as described above.
- When you are finished enabling Modern Authentication, re-enable "Security Defaults."
The best scenario is if we manually enable the security settings before Microsoft does it on February 29, 2020. The following steps outline the best way to do this.
Log into https://portal.office.com with your global administrator account.
Select Users | Active users from the menu at the left.
- Click on "Multi-factor authentication" above the list of users. A new browser window will open.
- Click on the user you want to enable MFA for.
- On the right side of the window, click "Enable."
- A dialog box will come up. Click "enable multi-factor auth"
- The dialog box will say "Updates Successful". Click "close."
The user with the MFA enabled, should not log into portal.office.com. They will be asked to provide additional information like cell phone number etc. to set up MFA.
If your computer is using Outlook 2016 or earlier , you will need to setup application passwords for those applications.Instructions to set up application passwords.