Today, I am very happy to announce General Availability (GA) for Hybrid Modern Authentication (HMA) for Skype for Business and Exchange. This is a major milestone in our Modern Authentication journey.
This will enable customers to use Modern Auth-enabled security features such as Multi-Factor Authentication (MFA), Cert-Based Authentication (CBA), AAD Conditional Access (CA) and Intune Mobile Application Management (MAM) for all their users, both those homed online and those homed on-prem.
Here is a visual of the topology:
This design requires you to use Azure Active Directory as the authorization server for your on-prem SfB and on-prem Exchange deployments (note the blue arrow from SfB on-prem and Exchange on-prem to AUTH in the cloud).
The prerequisites and instructions to enable HMA can be found here: https://aka.ms/ModernAuthOverview
The updated list of SfB MA supported topologies is here: Skype for Business topologies supported with Modern Authentication
Also, two of my colleagues have published their own excellent blogs on this topic.
Announcing Hybrid Modern Authentication for Exchange On-Premises
Hybrid Modern Authentication for Skype for Business