Hero Banner

Products Discussions

Share best practices and get the latest Microsoft product info

Visitor 1

Access on-prem Exchange mailbox with AAD Joined device

We have setup Exchange 2016 Hybrid latest CU etc.
Moved my mailbox to O365 and all works well, free busy, autodiscover etc.

Now i have a test Windows 10 device joined to Azure AD (not hybrid).
Accessing my mailbox via Outlook is SSO but i also have a shared mailbox to open that is on-premises and this one causes a authentication prompt. 

Is the authentication prompt for the on-premises mailbox expected behaviour or can we achieve SSO ?

Level 5 Contributor

Run the commands that assign your on-premises web service URLs as Azure AD SPNs. SPNs are used by client machines and devices during authentication and authorization. All the URLs that might be used to connect from on-premises to Azure Active Directory (Azure AD) must be registered in Azure AD (this includes both internal and external namespaces).

First, gather all the URLs that you need to add in AAD. Run these commands on-premises:


Get-MapiVirtualDirectory | FL server,*url*
Get-WebServicesVirtualDirectory | FL server,*url*
Get-ClientAccessServer | fl Name, AutodiscoverServiceInternalUri
Get-OABVirtualDirectory | FL server,*url*
Get-AutodiscoverVirtualDirectory | FL server,*url*
Get-OutlookAnywhere | FL server,*hostname*
Ensure the URLs clients may connect to are listed as HTTPS service principal names in AAD. In case EXCH is in hybrid with multiple tenants, these HTTPS SPNs should be added in the AAD of all the tenants in hybrid with EXCH.



Rachel Gomez