Earlier this year, Office 2013 Modern Authentication using the Active Directory Authentication Library (ADAL) moved to public preview. The steps to take part in the preview and to prepare the Office 2013 software are well documented, particularly by one of my fellow Kloudies (see Lucian’s blog here).

However, you may find that despite creating the registry keys and installing the required updates, Modern Authentication is still not working – something I recently encountered with MSI-based installations of Office 2013 SP1 in a Windows 7 SOE.

With the assistance of the friendly Microsoft Premier Engineering team, for Modern Authentication to function we identified the following component versions should be greater than 15.0.4625.1000:

  • C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
  • C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Csi.dll
  • C:\Program Files\Microsoft Office\Office15\GROOVE.EXE
  • C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE

And this dll should be greater than 1.0.1933.710:

  • C:\Program Files\Common Files\Microsoft Shared\OFFICE15\ADAL.DLL

To achieve the necessary version levels, the following updates were installed:

In the land of SCCM managed desktops, not all are managed equally. We found varying patch levels across the fleet and needed a way to quickly identify which Modern Authentication prerequisites were missing, so I wrote this script which can be saved as a ps1 and executed on any Win 7 32-bit PCs to test their readiness:

[code language=”PowerShell”]
Write-host "Scanning for Office 2013 Modern Authentication prerequisites…"
If (Test-Path "HKLM:\SOFTWARE\Microsoft\Office\15.0") {
#Create registry keys
$Path = "HKCU:\Software\Microsoft\Office\15.0\Common\Identity"
If (!(Get-Item $Path -ErrorAction SilentlyContinue)) {New-Item $Path -Force | Out-Null}
New-ItemProperty $Path -Name Version -PropertyType DWORD -Value 1 -Force | Out-Null
New-ItemProperty $Path -Name EnableADAL -PropertyType DWORD -Value 1 -Force | Out-Null
#Check for updates
$UpdatesRequired = $False
If (![bool]((Get-Item "C:\Program Files\Common Files\Microsoft Shared\Office15\MSO.DLL").VersionInfo.FileVersion -ge "15.0.4625.1000")) {
Write-host "MSO.DLL requires update – https://support.microsoft.com/en-us/kb/3085480" -Foregroundcolor Red
$UpdatesRequired = $True
}
If (![bool]((Get-Item "C:\Program Files\Common Files\Microsoft Shared\Office15\Csi.dll").VersionInfo.FileVersion -ge "15.0.4625.1000")) {
Write-host "Csi.dll requires update – https://support.microsoft.com/en-us/kb/3085504" -Foregroundcolor Red
$UpdatesRequired = $True
}
If (![bool]((Get-Item "C:\Program Files\Microsoft Office\Office15\Groove.exe").VersionInfo.FileVersion -ge "15.0.4625.1000")) {
Write-host "Groove.exe requires update – https://support.microsoft.com/en-us/kb/3085509" -Foregroundcolor Red
$UpdatesRequired = $True
}
If (![bool]((Get-Item "C:\Program Files\Microsoft Office\Office15\Outlook.exe").VersionInfo.FileVersion -ge "15.0.4625.1000")) {
Write-host "Outlook.exe requires update – https://support.microsoft.com/en-us/kb/3085495" -Foregroundcolor Red
$UpdatesRequired = $True
}
If (![bool]((Get-Item "C:\Program Files\Common Files\Microsoft Shared\OFFICE15\ADAL.dll").VersionInfo.FileVersion -ge "1.0.1933.710")) {
Write-host "ADAL.dll requires update – https://support.microsoft.com/en-us/kb/3055000" -Foregroundcolor Red
$UpdatesRequired = $True
}
If ($UpdatesRequired) {Write-host "Scan complete: install the updates and re-run the script" -Foregroundcolor Red}
Else {Write-host "Scan complete: Office 2013 Modern Authentication prerequisites have been met" -Foregroundcolor Green}
}
Else {Write-Host "Scan complete: Office 2013 is not installed" -Foregroundcolor Red}
Read-Host
[/code]

Hope this is helpful!

Category:
Office 365, Office ProPlus, Security
Tags:
, , ,

Join the conversation! 5 Comments

  1. Thanks Dave, Super usefull

    Reply
  2. Thank you so much with your notes I was able to configure Modern Authentication !!!!!! Thumbs up!!

    Reply
  3. I know this is an old post, but I want to say a genuine thanks for posting this!
    We recently rolled out MFA, and we still have a few computers on Office 2013. Most have accepted it without a hitch, but some haven’t. These updates resolved my issue!

    Reply
  4. This was very helpful. My company is using Okta as its SSO solution and when we tried to setup desktop SSO through Office 365 it would not work on systems with Outlook 2013. Okta pointed me to the EnableADAL and only one patch which was not enough to get it working for us. We tried to get Okta and MS to tell us what were the minimum patch requirements to get Modern Authentication working with Outlook 2013. Both would only tell us that we needed to be up to date on ALL patches for Office 2013. Using the five patches you supplied was exactly what we needed.

    Thanks!

    Reply

Leave a Reply

Follow ...+

Kloud Blog - Follow

%d bloggers like this: