Quicklaunch can use Multi-factor Authentication directly. You will need to create a password or Code from an "Authenticator App" or an "App Password" that will then be entered into Skype for Business and/or Exchange settings in Quicklaunch. 


Sections

1) Create an App Password on office.com

2) Sign In to Skype for Business and Exchange with the new app password

3a) Entering Credentials on Fresh Quicklaunch Install

3b) Entering Credentials in Existing Quicklaunch Install

4) How to enable Multi Factor Authentication via Skype For Business PowerShell module.



1) How to Create an App Password for Room Account: 

Go to https://www.office.com and sign in. Then select your account icon and click "My Account" 


Select "Manage Security & Privacy" 


Click on "Additional Security Verification" 


Click on "Create and Manage App Passwords"


Select, "Create" to create a new App Password 


Name it.


Copy the auto-generated password to the clipboard.




2) Sign In to Skype for Business with the new app password

Skype for Business

If you've already signed in to both Skype for Business and Exchange, skip to the next step.

Open Skype for Business from the Windows Start Menu and enter your new app login password.


Click sign in. When prompted to remember credentials, select yes.






3a) Entering Credentials on Fresh Quicklaunch Install


When you get to the Accounts Screen in the Setup Wizard. select Exchange and Skype for Business. 




Enter your Skype for Business email and the App password you just created. Then click Next.


Enter the email address and App password for Exchange.






3b) If Quicklaunch is already Installed and Setup Follow the Steps Below: 

Enter Settings (Ctrl- Alt-s) > Account > Right side Select > Change Account Type

Select Exchange and S4B or Exchange account 


Enter the email address and new app password. 



4. Enabling MFA for Skype For Business.


  • In order to use two-factor authentication with the Skype for Business Client, the users Office365 tenant requires that the option "ClientAdalAuthOverride" is set to true.
  • By enabling this setting, the Skype For Business Client will prompt the user to do two-factor authentication using the Microsoft MFA window rather than entering an app password when MFA is enabled for an account on a tenant.
  • This setting cannot be configured via the Office365 Admin portal but the attached PowerShell commands can be run via the Skype For Business PowerShell module (PowerShell ISE)
  1. Set-ExecutionPolicy unrestricted (Yes to all prompts)
  2. Import-Module SkypeOnlineConnector (click yes)
  3. $cred = Get-Credential (Enter Global Administrator account. Please use Global admin account which does not have Multi factor authentication enabled)
  4. $session = New-CsOnlineSession -Credential $cred -Verbose
  5. Import-PSSession -Session $session
  6. start-transcript C:\powershelloutput.txt
  7. Get-CsOAuthConfiguration
  8. Set-CsOAuthConfiguration -ClientAdalAuthOverride Allowed
  9. Get-CsOAuthConfiguration (Verify setting is configured correctly)
  10. stop-transcript
  • Once the setting is configured it can take up to an hour to take effect in the tenant
  • Once in effect, a user with two-factor enabled will be able to log into the Skype For Business Client using their regular username and password.

 

NOTE: If the tenant has Single Sign On enabled, after a user signs into a device with two factor authentication they will not be prompted for a password/confirmation code again.