Modern authentication is based on the Active Directory Authentication Library (ADAL) and OAuth 2.0. When you enable modern authentication in Exchange Online, Windows-based Outlook clients that support modern authentication (Outlook 2013 or later) use modern authentication to connect to Exchange Online. Well that is partly true. It is enabled for SharePoint online, not for Exchange and Skype for Business if your tenant is created before august 1 st 2017. While writing this about 95% of the tenants are older then 1 month so modern authentication is not enabled for Exchange and Skype for Business. What is modern authentication.
-->
L'autenticazione moderna in Exchange Online abilita funzionalità di autenticazione come l'autenticazione a più fattori (MFA) con smart card, l'autenticazione basata su certificato (CBA) e i provider di identità SAML di terze parti.Modern authentication in Exchange Online enables authentication features like multi-factor authentication (MFA) using smart cards, certificate-based authentication (CBA), and third-party SAML identity providers.L'autenticazione moderna si basa su ADAL (Active Directory Authentication Library) e OAuth 2.0.Modern authentication is based on the Active Directory Authentication Library (ADAL) and OAuth 2.0.
Quando si abilita l'autenticazione moderna in Exchange Online, i client Outlook basati su Windows che supportano l'autenticazione moderna (Outlook 2013 o versione successiva) usano l'autenticazione moderna per connettersi alle cassette postali di Exchange Online.When you enable modern authentication in Exchange Online, Windows-based Outlook clients that support modern authentication (Outlook 2013 or later) use modern authentication to connect to Exchange Online mailboxes.Per altre informazioni, vedere Funzionamento dell'autenticazione moderna per le app client di Office.For more information, see How modern authentication works for Office client apps.
Quando si disabilita l'autenticazione moderna in Exchange Online, i client Outlook basati su Windows che supportano l'autenticazione moderna usano l'autenticazione di base per connettersi alle cassette postali di Exchange Online.When you disable modern authentication in Exchange Online, Windows-based Outlook clients that support modern authentication use basic authentication to connect to Exchange Online mailboxes.Non usano l'autenticazione moderna.They don't use modern authentication.
Note:Notes:
- L'autenticazione moderna è abilitata per impostazione predefinita in Exchange Online, Skype for Business Online e SharePoint Online.Modern authentication is enabled by default in Exchange Online, Skype for Business Online and SharePoint Online.
Nota
Per i tenant creati prima del 1° agosto 2017, l'autenticazione moderna è disattivata per impostazione predefinita per Exchange Online e Skype for Business Online.For tenants created before August 1, 2017, modern authentication is turned off by default for Exchange Online and Skype for Business Online.
-
L'abilitazione o disabilitazione dell'autenticazione moderna in Exchange Online come descritto in questo argomento influisce solo sulle connessioni di autenticazione moderna dei client Outlook basati su Windows che supportano l'autenticazione moderna (Outlook 2013 o versione successiva).Enabling or disabling modern authentication in Exchange Online as described in this topic only affects modern authentication connections by Windows-based Outlook clients that support modern authentication (Outlook 2013 or later).
-
L'abilitazione o disabilitazione dell'autenticazione moderna in Exchange Online come descritto in questo argomento non influisce su altri client di posta elettronica che supportano l'autenticazione moderna, ad esempio Outlook Mobile, Outlook per Mac 2016 ed Exchange ActiveSync in iOS 11 o versione successiva.Enabling or disabling modern authentication in Exchange Online as described in this topic does not affect other email clients that support modern authentication (for example, Outlook Mobile, Outlook for Mac 2016, and Exchange ActiveSync in iOS 11 or later).Questi altri client di posta elettronica usano sempre l'autenticazione moderna per accedere alle cassette postali di Exchange Online.These other email clients always use modern authentication to log in to Exchange Online mailboxes.
-
È consigliabile sincronizzare lo stato dell'autenticazione moderna di Exchange Online con Skype for Business online per evitare che vengano visualizzate più richieste di accesso nei client di Skype for Business.You should synchronize the state of modern authentication in Exchange Online with Skype for Business Online to prevent multiple log in prompts in Skype for Business clients.Per istruzioni, vedere Skype for Business Online: Abilitare il tenant per l'autenticazione moderna.For instructions, see Skype for Business Online: Enable your tenant for modern authentication.
-
Un utente con più account configurati nel proprio profilo di Outlook potrebbe ricevere un messaggio di errore quando prova a connettersi alla propria cassetta postale.A user with multiple accounts configured in their Outlook profile might receive an error when they try to connect to their mailbox.Per altre informazioni, vedere KB 4516672.For more information, see KB 4516672
Abilitare o disabilitare l'autenticazione moderna in Exchange Online per le connessioni client in Outlook 2013 o versione successivaEnable or disable modern authentication in Exchange Online for client connections in Outlook 2013 or later
-
Connettersi a PowerShell per Exchange Online.Connect to Exchange Online PowerShell.
-
Eseguire una delle operazioni seguenti:Do one of these steps:
-
Eseguire il comando seguente per abilitare le connessioni di autenticazione moderna a Exchange Online per i client Outlook 2013 o versione successiva:Run the following command to enable modern authentication connections to Exchange Online by Outlook 2013 or later clients:Si noti che il comando precedente non blocca o impedisce ai client Outlook 2013 o versione successiva di usare connessioni di autenticazione di base.Note that the previous command does not block or prevent Outlook 2013 or later clients from using basic authentication connections.
-
Eseguire il comando seguente per impedire le connessioni di autenticazione moderna, ovvero forzare l'uso di connessioni di autenticazione di base, a Exchange Online per i client Outlook 2013 o versione successiva:Run the following command to prevent modern authentication connections (force the use of basic authentication connections) to Exchange Online by Outlook 2013 or later clients:
-
-
Per verificare che la modifica sia stata applicata, eseguire questo comando:To verify that the change was successful, run the following command:
Vedere ancheSee also
Outlook for Office 365 Outlook for Office 365 for Mac Outlook 2019 Outlook 2016 Outlook 2016 for Mac Outlook on the web for Office 365 Business Calendar for Windows 10 Outlook 2019 for Mac Outlook for iOS and Android Outlook on the web for Exchange Server 2016We're making improvements to the way shared calendars in Office 365 sync across your applications. This article is intended for IT admins, to help them understand the changes that are rolling out.The improvements are planned only for calendars shared between people using Exchange Online. There are no changes to shared calendars when one person's calendar is hosted in Exchange on-premises.When all the improvements are complete, IT admins and their organization's users can expect:.Consistent permission options when sharing a calendar. See.An easy way to accept a shared calendar invitation. See.Shared calendars that sync to all devices with changes that appear right away. See.These improvements roll out over the next year. This article focuses on the changes you can see today and provides details about future plans.
For a quick snapshot of schedules, see later in this article.Not an IT admin? If you're not an IT admin and are just looking for instructions about how to share or delegate a calendar, see the following articles:.Sharing your calendar in or.Sharing your calendar in.Sharing your calendar in.Share a calendarThe first improvement is that users can share their calendar from any version of Outlook and have the same permission options on all versions. When a user shares their calendar with people today, they will see the improved shared calendar experience after accepting the invitation. However, if they shared their calendar with people before these changes were enabled, they won't see these improvements automatically.To upgrade existing shared calendars to the new shared calendar experience, ask users to follow the instructions in later in this article. After users upgrade to the new model, shared calendars will sync to their mobile phones. In the future, existing shared calendars will be upgraded automatically, but there's no schedule yet for this automatic upgrade process. Instant syncing is enabled only if both users are in the same Office 365 tenant, or if the calendar is shared by an Outlook.com user.The table below provides more details about the types of configurations that support instant syncing.
In the future, instant syncing will be enabled for all calendars shared among Office 365 and Outlook.com users.Calendar ownerShared calendar recipientInstant syncing enabledNotesOffice 365Office 365(same tenant)✔Currently, instant syncing occurs only if the calendar is directly shared with the recipient.If the recipient has permissions via the default organization user, the recipient will not receive instant sync updates. We are currently working to change this. For these recipients, syncing happens approximately every three hours.Office 365Office 365(different tenant)–Syncing happens approximately every three hours.If external sharing isn't allowed for the calendar owner's tenant, it's treated like the calendar is being shared to a third-party user.Office 365Outlook.com orthird-party service such as Gmail.com–This configuration currently generates an Internet Calendar Subscription (ICS) URL. The shared calendar recipient adds the shared calendar using the ICS URL, and the sync timing is determined by the recipient's calendar service.For example, if the recipient is in Outlook.com, the calendar will update approximately every three hours. If the recipient is in Gmail.com, the calendar might be updated every 24-48 hours.Outlook.comOutlook.com✔Outlook.comOffice 365✔Outlook.comThird-party service such as Gmail.com–This configuration currently generates an ICS URL. The recipient adds the shared calendar using the ICS URL, and the sync timing is determined by the recipient's calendar service.For example, if the recipient is in Outlook.com, the calendar will update approximately every three hours. If the recipient is in Gmail.com, the calendar might be updated every 24-48 hours.
Note: Exchange Web Services (EWS) API will not support instant syncing.To use instant syncing, the shared calendar must be enabled for instant syncing, and the calendar application must be updated.If the shared calendar is enabled for instant syncing, and the user is viewing it on Outlook on the web, Outlook for iOS, or Outlook for Android, the new sync experience is in use.If the user views the shared calendar on Outlook for Mac, they'll see the new sync experience if the calendar was added by accepting a sharing invitation. However, if the user added the shared calendar via File Open another user's folderor if the user added the account as a delegate account, they'll be on the old sync experience. Changes might appear faster in Outlook on the web, Outlook for iOS, and Outlook for Android.If the user views the shared calendar on Outlook for PC, they'll see the old sync experience regardless of how the calendar was added.
Currently, for the same shared calendar, changes might appear faster in Outlook on the web, Outlook for iOS, Outlook for Android, and Outlook for Mac than on Outlook for PC. Technical details of the shared calendar improvementsThis section describes how these improvements were accomplished, and what changed in the architecture of shared calendars in Office 365.
TerminologyHere are some terms that we'll use in this discussion:.Shared calendar: A calendar shared with view, edit, or delegate permissions.Owner: The person from whom the calendar is shared.Recipient: The person to whom the calendar is shared.Old model: The old behavior of shared calendars.New model: The new behavior of shared calendars. The improvements are only applicable for calendars shared between users in Exchange Online. There are no changes to shared calendars when one of the users is hosted in Exchange on-premises.AttributeOld modelNew modelHow the shared calendar is storedAn entry (similar to a hyperlink) is stored in the recipient's mailbox. Users who accept a new shared calendar invitation from an automatically start using the new model of calendar sharing.The easiest way for a user to check if they have the improvements (meaning the new model of calendar sharing) is to check if the shared calendar appears on their mobile phone. If it does, the shared calendar is already upgraded to the new model.If you prefer to use MFCMapi, you would need to confirm that the following conditions are true:.A local folder for the shared calendar appears in the Calendar subtree.An entry exists in the Common Views Associated Contents table. The entry’s named property name is SharingCalendarGroupEntryAssociatedLocalFolderId, and it will point to the ID of the local shared calendar folder.
For shared calendars to benefit from these improvements, users should re-create the shared calendar by using one of the two options below:.Ask the calendar owner to re-share the calendar with them. The user can do this from any Outlook application, including Outlook for iOS or Outlook for Android. The user should then accept the shared calendar invitation using. It's important that the user accepts the invitation from an updated version of Outlook.
If the user accepts the invitation using an older version of Outlook, the shared calendar will not be enabled with these improvements. Existing shared calendars don't need to be removed before re-accepting.Open the calendar from Outlook for iOS or Outlook for Android. This option does not require the owner to re-share the calendar.
The user simply needs to use Outlook for iOS or Outlook for Android to add the shared calendar, and the calendar will be upgraded automatically. The option to add a shared calendar is available under the calendar module: Click on the profile picture in the upper left to view the list of calendars, click the + icon in the upper left, and select Add Shared Calendars. Note: Opening a shared calendar by searching the directory for the calendar owner will add the calendar via the old model of sharing.In the future, shared calendars will be upgraded to the new model regardless of which method the user chooses. There is no timeline for this yet, however. Methods for syncing shared calendarsThis section discusses where and when instant syncing occurs in the current state of our work. The following table shows the types of syncing that exist for shared calendars in the new model.Update methodHow changes syncSupported calendars (currently)Instant updatesChanges sync instantly. This applies to calendars shared between users in the same Office 365 tenant, or shared from an Outlook.com user.Shared from an Outlook.com user to an Outlook.com or Office 365 user.Shared directly between Office 365 users in the same tenant.Periodic updatesChanges sync periodically (within three hours in most cases). Recipients won’t see changes on a shared calendar immediately, but the copy will be updated every few hours.Shared indirectly between Office 365 users in the same tenant (via default user permissions, or via a security group with more than 100 members).Shared between Office 365 users in different tenants, with external sharing enabled.ICS subscriptionAn Internet Calendar Subscription (ICS) URL is generated when the calendar is shared.
The recipient can use this URL to add the shared calendar to any calendar service that they use. With ICS URLs, the recipient’s calendar service chooses when to sync the calendar to receive new updates. If the recipient is an Outlook.com user, the sync will happen approximately every three hours.Shared between Office 365 users in different tenants, with external sharing disabled.Shared from an Office 365 user to an Outlook.com user.Shared from an Office 365 or an Outlook.com user to someone using a third-party calendar service, such as Gmail. Instant syncing for sharing outside your tenant isn't supported currently.
While you can share in these configurations, syncing will happen periodically. There are two types of cross-tenant sharing:.Office 365 to another Office 365 user (if external sharing is enabled).A full shared calendar is created, but the sync will happen approximately every three hours. Instant syncing will eventually be enabled for this setup.Office 365 to an Outlook.com user.
If external sharing is disabled, sharing to another Office 365 user also falls into this group.An ICS URL is generated when sharing, which the recipient can use to add to any calendar service. With an ICS subscription, the recipient’s calendar service chooses when to sync the ICS subscription to receive new updates. If the recipient is an Outlook.com or an Office 365 user, the sync will happen approximately every three hours. Sharing with a user on an external service such as Gmail is a different kind of calendar sharing. In these scenarios, an Internet Calendar Subscription (ICS) URL is generated that links to the owner’s calendar.
Recipients can use this URL to view the calendar in a web browser, or add it to their own calendar service by adding an internet calendar using the ICS URL. With ICS subscriptions, the recipient’s calendar service chooses when to sync the ICS subscription to receive new updates.
If the recipient is an Outlook.com user, the sync will happen approximately every three hours. If the recipient is using another calendar service, such as Gmail.com, the sync might not happen as frequently. Functionality differences in new model shared calendarsShared calendars that use the new model differ from the old model in several areas of functionality, including reminders, permissions, delegated meetings, and third-party clients.
In the first phase of calendar sharing improvements, recipients will always see “Reminder=None” for shared calendar items, regardless of the true reminder value for an item. If a recipient with edit access tries to change the reminder on an shared calendar item, the new reminder value will be locally saved only for the recipient and not for the owner.Reminders in the old model: In the old model of sharing, the recipient accessed the calendar owner’s mailbox directly. Therefore, when a recipient viewed a calendar item, they saw the same reminder value that the owner saw. Outlook clients knew how to detect which calendars were shared calendars, so they did not show pop-up reminders for any shared calendar items.Behavior change in the new model: In the new model of sharing, the shared calendar is stored locally in the recipient’s mailbox. Therefore, when mobile applications sync these shared calendars, they might not always check whether it’s a shared calendar. In those cases, we found that when the true reminder value was synced to a recipient who was using a third-party EAS or REST client, the recipient was flooded with reminders for other people's meetings. In the past, there was no consistent set of permission-level options across Outlook clients.
As part of these improvements, updated Outlook clients will show a simplified and consistent set of sharing permission levels.Legacy permission levelsSimplified permission levelsNot sharedNot sharedNoneNoneFree/Busy timeAvailability onlyCan view when I'm busyFree/Busy time, subject, locationLimited detailsCan view titles and locationsReviewerFull detailsCan view all detailsEditorCan editOwnerPublishing EditorPublishing AuthorAuthorNonediting AuthorContributorCustomCustomDelegateDelegate. If the owner removes someone’s permissions on the calendar, this action will be detected within a few hours and one of three things will happen:.If the recipient is in the same organization, and the calendar owner has the My Organization (default) user set to any permission other than None, the recipient’s calendar will be updated to reflect the default user’s permission level. The shared calendar will remain on the new model, but it might have a different permission level.If the recipient is in the same organization, and the calendar owner is not sharing their calendar to the My Organization (default) user, the shared calendar will be removed from the recipient’s mailbox. The recipient will no longer see the shared calendar in their calendar list.If the recipient is in a different organization, the shared calendar stops syncing but is not removed.
Delegates have always been able to view delegated meeting messages from their mobile phone because the invitations are received in their inbox. However, in the past, delegates did not have any indication whether the meeting invitation was for them or for whoever they're a delegate for.To better support this scenario, Outlook for iOS and Outlook for Android have added UI to make it clear for whom the meeting invitation is intended. For example, note 'Received for Allan Deyong' in the following screenshots, which indicates that the invitation and the mail are for Allan, not for the delegate.
The new model of calendar sharing differs in third-party mail clients in a few scenarios, which are described below.In EAS clients, recipients with read-only permissions will see the option to create a meeting or respond to a meeting on that read-only calendar. Doing so will save locally to the client's cache, but the changes are rejected by the server. The recipient's changes will not be reflected in the owner's calendar because they don't have edit permissions. This issue occurs because EAS clients don't differentiate between read-only versus read-write permissions on shared calendars, and treat all calendars as editable.Some third-party clients have client-side logic to always add the current user as an attendee of meetings. Therefore, if the user is using the native calendar apps on their phone and viewing a meeting on someone else’s calendar, they might see their name in the attendee list. This only occurs if they’re viewing the calendar on third-party calendar applications – when they view the same meeting on Outlook for iOS or Outlook for Android, they won't see their name on the attendee list.We don't support the shared calendar improvements for EWS-based clients, so improvements aren't available in any calendar application that uses EWS, such as Mac OS X. Notes:.Outlook for Mac currently uses EWS and shows legacy shared calendars that don't have these improvements.The Calendar app in Mac OS X uses EWS and shows legacy shared calendars that don't have these improvements.FAQI don’t want my users’ calendars to sync to mobile phones.
What settings can I use to disable this?We don’t have any plans to allow the shared calendar improvements to be disabled for tenants.My users are concerned about data usage when shared calendars sync to their mobile phones. What should I tell them?If you clear the shared calendar option in the calendar list, Outlook for iOS, Outlook for Android, and Windows 10 Mobile will not sync the calendars that aren't selected.
Most mobile calendar applications should also follow this behavior.Does this also apply to resource calendars?Any calendar that can be shared is eligible for these improvements. If a user shares their calendar, a shared mailbox calendar, or a resource mailbox calendar, and the recipient accepts using Outlook on the web, Outlook for iOS, or Outlook for Android, they will start seeing these improvements.However, for resource mailboxes in particular, there are some inconsistencies with the way that permissions show in the Outlook permissions list compared to the Admin center’s permissions list. We're working to make the permissions show consistently. However, the shared calendar functionality works as detailed above for resource mailbox calendars, and the recipient will be able to see the resource calendar on their mobile phone.Do you now support sharing a calendar to Office 365 groups?Not yet, but it’s high on our list. You can currently only share calendars with individual users or with security groups.Will these changes make it easier for a single person to have multiple calendar delegates?These improvements, especially the faster syncing, will make it easier for multiple people to manage the same calendar, but the multi-delegate scenario is not a goal of these initial improvements.
For the best experience, only one delegate should manage the shared calendar. Timeline of calendar improvements across clientsBelow is the summary of the current state of the calendar improvements. Timelines listed below are subject to change.ImprovementWebPC.Mac.iOSAndroidWindows 10 MobileShare a calendar with simplified permissions✔✔.✔.✔✔Not plannedAccept a calendar so it’s on the new model✔✔.✔.✔✔✔Sync instantly via the new model✔Monthly channel:2019✔.✔✔✔.Applies only to customers who purchased Microsoft Office on a monthly or yearly subscription basis.Available starting in Version 1805.Available starting in Version 16.23.326.1. Related topics.