Azure AD Driver and Microsoft switch to mandatory MFA

Good morning,

We are currently running IDM 4.8.6 and the Azure AD Driver 5.1.7.0100.

In January 2025, Microsoft are mandating MFA for all the accounts in our tenant.

What options do I have to ensure the Driver continues to work with this change, which will impact the Authentication ID User that we have configured?

What is that User used for, if everything is now done with Graph (Client Secret) and the Exchange REST APIs?

Thanks,

-KA

  • 0

    Right, so I just removed the Authentication ID and the password, and the Driver starts and functions as normal. So, why would we ever even need those two values? Legacy support or some kind of fallback mechanism?

    Thanks,

    -K

  • Suggested Answer

    Hi Keith

    I believe that this Authentication ID and the password still exist just for compatibility with previous versions and the MSOnline PowerShell module.

    I saw examples of code where the Azure AD Driver executes the MSOnline PowerShell module.

    The functionality of this MSOnline module (officially deprecated by MS a number of years ago) has partially migrated to the AAD/MS.GRAPH modules, but it still has some "unique" functionality.

    The MSOnline module uses a SOAP API for access to AAD (which was never properly documented by MS).

    MSOnline doesn't support Enterprise Applications with certificate/secret-based authentication, only the username/password method.
