Access on-prem Exchange mailbox with AAD Joined device
We have set up Exchange 2016 Hybrid, latest CU etc.
Moved my mailbox to O365 and all works well: free/busy, autodiscover etc.
Now I have a test Windows 10 device joined to Azure AD (not hybrid).
Accessing my mailbox via Outlook is SSO, but I also have a shared mailbox to open that is on-premises and this one causes an authentication prompt.
Is the authentication prompt for the on-premises mailbox expected behaviour, or can we achieve SSO?
Run the commands that assign your on-premises web service URLs as Azure AD SPNs. SPNs are used by client machines and devices during authentication and authorization. All the URLs that might be used to connect from on-premises to Azure Active Directory (Azure AD) must be registered in Azure AD (this includes both internal and external namespaces).
First, gather all the URLs that you need to add in AAD. Run these commands on-premises:
```powershell
Get-MapiVirtualDirectory | FL server,*url*
Get-WebServicesVirtualDirectory | FL server,*url*
Get-ClientAccessServer | FL Name, AutodiscoverServiceInternalUri
Get-OABVirtualDirectory | FL server,*url*
Get-AutodiscoverVirtualDirectory | FL server,*url*
Get-OutlookAnywhere | FL server,*hostname*
```
Ensure the URLs clients may connect to are listed as HTTPS service principal names in AAD. In case EXCH is in hybrid with multiple tenants, these HTTPS SPNs should be added in the AAD of all the tenants in hybrid with EXCH.
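The gather-then-register procedure above, carried through end to end as an added example (not the poster's script). It assumes the Exchange Management Shell on-premises, the MSOnline module with `Connect-MsolService` already run against the tenant, and the well-known application id of the Exchange Online service principal; run it once per tenant in hybrid.

```powershell
# Added example: collect the on-premises Exchange namespace URLs and register
# the missing ones as HTTPS SPNs on the Exchange Online service principal.
# Assumes: Exchange Management Shell, MSOnline module, Connect-MsolService done.

# Well-known application id of the Office 365 Exchange Online service principal.
$exoAppId = '00000002-0000-0ff1-ce00-000000000000'

# Gather every URL a client may use, from the same cmdlets listed in the answer.
$urls = @()
$urls += Get-MapiVirtualDirectory         | ForEach-Object { $_.InternalUrl, $_.ExternalUrl }
$urls += Get-WebServicesVirtualDirectory  | ForEach-Object { $_.InternalUrl, $_.ExternalUrl }
$urls += Get-OABVirtualDirectory          | ForEach-Object { $_.InternalUrl, $_.ExternalUrl }
$urls += Get-AutodiscoverVirtualDirectory | ForEach-Object { $_.InternalUrl, $_.ExternalUrl }
$urls += Get-ClientAccessServer           | ForEach-Object { $_.AutoDiscoverServiceInternalUri }
# Outlook Anywhere exposes hostnames rather than URLs.
$hosts = Get-OutlookAnywhere | ForEach-Object { $_.InternalHostname, $_.ExternalHostname }

# Reduce everything to unique https://<host> entries (internal and external namespaces).
$wanted = @($urls  | Where-Object { $_ } | ForEach-Object { ([Uri]"$_").Host }) +
          @($hosts | Where-Object { $_ } | ForEach-Object { "$_" })
$wanted = $wanted | ForEach-Object { "https://$($_.ToLower())" } | Sort-Object -Unique

# Compare with what the tenant already has (ignoring a trailing slash) and add only the gap.
$sp       = Get-MsolServicePrincipal -AppPrincipalId $exoAppId
$existing = $sp.ServicePrincipalNames | ForEach-Object { $_.ToLower().TrimEnd('/') }
$missing  = $wanted | Where-Object { $existing -notcontains $_ }

if ($missing) {
    foreach ($spn in $missing) { $sp.ServicePrincipalNames.Add($spn) | Out-Null }
    Set-MsolServicePrincipal -AppPrincipalId $exoAppId -ServicePrincipalNames $sp.ServicePrincipalNames
    Write-Host "Added HTTPS SPNs:`n$($missing -join "`n")"
} else {
    Write-Host 'All on-premises namespaces are already registered as HTTPS SPNs.'
}
```

Re-run the read-only part after any namespace change so that a renamed or added URL does not silently fall back to a credential prompt.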