Applies to: All versions of Centrify Identity Service
IWA fails on Skype for Business 2016 when Modern Authentication (ADAL) feature is not enabled for Skype for Business Online.
Modern Authentication (ADAL) for Skype for Business Online has to be enabled for IWA or ZSO to work on Skype for Business 2016. If not enabled, the following can be seen in the network traffic:
x-ms-diagnostics: 4000000;reason="Flighting is not enabled for domain 'firstname.lastname@example.org'.";error_category="oauth_not_available"
Enabling Modern Authentication for your Skype for Business Online tenant and your Exchange Online tenant is a prerequisite. Modern Authentication is turned off by default in Skype for Business in Office 365. Tenant admins must first enable their tenant for Modern Authentication.
Notice that Lync Server 2013 does not support Modern Authentication.
Following the steps below to enable Modern Authentication (ADAL) for Skype for Business Online:
Once performed the steps above, please make sure to shutdown Skype for Business client completely and restart. User should be able to IWA/ZSO afterwards.