Earlier this year, Office 2013 Modern Authentication using the Active Directory Authentication Library (ADAL) moved to public preview. The steps to take part in the preview and to prepare the Office 2013 software are well documented, particularly by one of my fellow Kloudies (see Lucian’s blog here).

However, you may find that despite creating the registry keys and installing the required updates, Modern Authentication is still not working – something I recently encountered with MSI-based installations of Office 2013 SP1 in a Windows 7 SOE.

With the assistance of the friendly Microsoft Premier Engineering team, for Modern Authentication to function we identified the following component versions should be greater than 15.0.4625.1000:

  • C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSO.DLL
  • C:\Program Files\Common Files\Microsoft Shared\OFFICE15\Csi.dll
  • C:\Program Files\Microsoft Office\Office15\GROOVE.EXE
  • C:\Program Files\Microsoft Office\Office15\OUTLOOK.EXE

And this dll should be greater than 1.0.1933.710:

  • C:\Program Files\Common Files\Microsoft Shared\OFFICE15\ADAL.DLL

To achieve the necessary version levels, the following updates were installed:

In the land of SCCM managed desktops, not all are managed equally. We found varying patch levels across the fleet and needed a way to quickly identify which Modern Authentication prerequisites were missing, so I wrote this script which can be saved as a ps1 and executed on any Win 7 32-bit PCs to test their readiness:

Write-host "Scanning for Office 2013 Modern Authentication prerequisites..."
If (Test-Path "HKLM:\SOFTWARE\Microsoft\Office\15.0") {
#Create registry keys
$Path = "HKCU:\Software\Microsoft\Office\15.0\Common\Identity"
If (!(Get-Item $Path -ErrorAction SilentlyContinue)) {New-Item $Path -Force | Out-Null}
New-ItemProperty $Path -Name Version -PropertyType DWORD -Value 1 -Force | Out-Null
New-ItemProperty $Path -Name EnableADAL -PropertyType DWORD -Value 1 -Force | Out-Null
#Check for updates
$UpdatesRequired = $False
If (![bool]((Get-Item "C:\Program Files\Common Files\Microsoft Shared\Office15\MSO.DLL").VersionInfo.FileVersion -ge "15.0.4625.1000")) {
Write-host "MSO.DLL requires update - https://support.microsoft.com/en-us/kb/3085480" -Foregroundcolor Red
$UpdatesRequired = $True
}
If (![bool]((Get-Item "C:\Program Files\Common Files\Microsoft Shared\Office15\Csi.dll").VersionInfo.FileVersion -ge "15.0.4625.1000")) {
Write-host "Csi.dll requires update - https://support.microsoft.com/en-us/kb/3085504" -Foregroundcolor Red
$UpdatesRequired = $True
}
If (![bool]((Get-Item "C:\Program Files\Microsoft Office\Office15\Groove.exe").VersionInfo.FileVersion -ge "15.0.4625.1000")) {
Write-host "Groove.exe requires update - https://support.microsoft.com/en-us/kb/3085509" -Foregroundcolor Red
$UpdatesRequired = $True
}
If (![bool]((Get-Item "C:\Program Files\Microsoft Office\Office15\Outlook.exe").VersionInfo.FileVersion -ge "15.0.4625.1000")) {
Write-host "Outlook.exe requires update - https://support.microsoft.com/en-us/kb/3085495" -Foregroundcolor Red
$UpdatesRequired = $True
}
If (![bool]((Get-Item "C:\Program Files\Common Files\Microsoft Shared\OFFICE15\ADAL.dll").VersionInfo.FileVersion -ge "1.0.1933.710")) {
Write-host "ADAL.dll requires update - https://support.microsoft.com/en-us/kb/3055000" -Foregroundcolor Red
$UpdatesRequired = $True
}
If ($UpdatesRequired) {Write-host "Scan complete: install the updates and re-run the script" -Foregroundcolor Red}
Else {Write-host "Scan complete: Office 2013 Modern Authentication prerequisites have been met" -Foregroundcolor Green}
}
Else {Write-Host "Scan complete: Office 2013 is not installed" -Foregroundcolor Red}
Read-Host

Hope this is helpful!

Category:
Office 365, Office ProPlus, Security
Tags:
, , ,

Join the conversation! 3 Comments

  1. Awesome post mate

    Reply
  2. Thanks Dave, Super usefull

    Reply
  3. Thank you so much with your notes I was able to configure Modern Authentication !!!!!! Thumbs up!!

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: