Jamf Nation Community

Access to Document Libraries in SharePoint 2010 via Word for Mac2016 stopped abruptly Friday Sept 2. It was working very well before. Since then, only when we accessed the SharePoint site without authenticating through the TMG Server were we able to get to the files. When we authenticate through the TMG server, we get a error message: 'Cannot Connect to URL. Please use a valid URL.'

Windows users of Office2016 were experiencing difficulties as well until we learned of the client side solution mentioned in my post. But until we find a server side solution, I have been tasked with finding a client side solution in OSX and/or Word for Mac.

I know this is late, but..

defaults write com.microsoft.Word DisableModernAuth -bool YES

This will only work for Office for mac version 15.30 and later.

We had an issue with autodiscover not working with our office365 setup (okta in the middle) and had to run

defaults write com.microsoft.Outlook DisableModernAuth -bool YES

which was given to us by MS.

@tausifkhan where in the world did you find this info??? We've been talking to Microsoft about this for quite a while, and the standard answer back to us has always been that you can't disable Modern Auth on Macs!

Is there any way to turn this off for Skype for Business also? I keep getting prompted in the "meeting tab" to login with my Exchange credentials

@skyman375 did you ever get your answer? I have okta in the middle and I want to try this preference out for SFB

Did you try defaults write com.microsoft.SkypeForBusiness DisableModernAuth -bool YES ?

We also ran into this due to our O365 tenant-to-tenant migration. In our situation, we have Apple Enterprise Connect pulling Kerberos tickets from our primary domain/Kerberos realm DOMAINA.COM. The users however have to authenticate against DOMAINB.COM which doesn't trust DOMAINA.COM. As our tenant requires Modern Authentication, we have a few options:
1. Close out of EC and trash any existing Kerberos tickets from DOMAINA.COM before signing in to Outlook/Skype for the first time (or after password change, or authentication token expiration, most likely). Then start EC again to get a new Kerberos ticket for ongoing operations (server auth, etc.).
2. Try to make the authentication server recognize when a Mac Office app is authenticating, and offer NTLM, forms-based or plain text authentication instead of Kerberos
3. Gripe to Microsoft to make Mac Office properly handle a rejected Kerberos ticket and failback to username/password.

None of these are particularly appetizing; option 1 is very user impactful and tricky to manage with password changes/token expirations. Option 2 is possibly not technically feasible (doesn't seem to be a way to identify Mac Office via UserAgent or something when looking at Wireshark captures). Option 3 seems most likely, but also time-consuming and reliant on MS to make it happen...