{"id":776,"date":"2016-05-12T14:38:02","date_gmt":"2016-05-12T14:38:02","guid":{"rendered":"https:\/\/www.lieben.nu\/liebensraum\/?p=776"},"modified":"2016-05-12T14:38:02","modified_gmt":"2016-05-12T14:38:02","slug":"excluding-skype-for-business-from-adfs-mfa","status":"publish","type":"post","link":"https:\/\/lieben.nu\/liebensraum\/2016\/05\/excluding-skype-for-business-from-adfs-mfa\/","title":{"rendered":"Excluding Skype for Business from ADFS MFA"},"content":{"rendered":"

When you want to use Skype for Business Online, but are using an on premises ADFS implementation and require MFA for all logins, Skype for Business will fail to authenticate. It cannot handle the ADFS Multi-Factor challenge because MFA\u00a0is not yet supported for Office 365 Online Skype for Business tenants<\/a>.<\/p>\n

To exempt Skype for Business from your ADFS RPT, use the following claims rule<\/p>\n

\n\n$rp\u00a0= Get-AdfsRelyingPartyTrust -name "Microsoft Office 365 Identity Platform"\n\nSet-AdfsRelyingPartyTrust \u2013TargetRelyingParty $rp \u2013AdditionalAuthenticationRules 'NOT EXISTS([Type == "http:\/\/schemas.microsoft.com\/2012\/01\/requestcontext\/claims\/x-ms-client-user-agent", Value =~ "(?i)skype"]) && NOT EXISTS([Type=="http:\/\/schemas.microsoft.com\/2012\/01\/requestcontext\/claims\/x-ms-client-user-agent", Value =~ "(?i)ACOMO"]) && NOT EXISTS([Type=="http:\/\/schemas.microsoft.com\/2012\/01\/requestcontext\/claims\/x-ms-client-user-agent", Value =~ "(?i)lync"]) => issue(Type = "http:\/\/schemas.microsoft.com\/ws\/2008\/06\/identity\/claims\/authenticationmethod", Value = "http:\/\/schemas.microsoft.com\/claims\/multipleauthn");'\n\n<\/pre>\n
*With thanks to the IT team at NHTV \ud83d\ude09<\/p>\n","protected":false},"excerpt":{"rendered":"
When you want to use Skype for Business Online, but are using an on premises ADFS implementation and require MFA for all logins, Skype for Business will fail to authenticate. It cannot handle the ADFS Multi-Factor challenge because MFA\u00a0is not yet supported for Office 365 Online Skype for Business tenants. To exempt Skype for Business … Continue reading Excluding Skype for Business from ADFS MFA<\/span> →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_crdt_document":"","footnotes":""},"categories":[32,45],"tags":[],"class_list":["post-776","post","type-post","status-publish","format-standard","hentry","category-office-365","category-skype-online"],"_links":{"self":[{"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/posts\/776","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/comments?post=776"}],"version-history":[{"count":0,"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/posts\/776\/revisions"}],"wp:attachment":[{"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/media?parent=776"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/categories?post=776"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lieben.nu\/liebensraum\/wp-json\/wp\/v2\/tags?post=776"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}