Hello Experts. My org has Exchange 2013 enterprise, with MB, CAS roles on all exchange servers, CU19. AD is windows 2012 R2, for both domain and forest funtional level. We are thinking of migrating to O365 for Email, with a hybrid migration, using pass-hash syncronization.
I have a few questions below.
1. My understanding is, For a user who's mailbox has been migrated to O365, their Outlook will connect to exchange online using Mapi over HTTP with basic authentication, will this not result in credential popup for user when their password changes/ expires from Outlook? We would like a SSO experience for user.
2. I have read that Modern Authentication can be used to have a migrated users outlook not connect using basic authentication to Exchange online, this will fix the prompt issue. I know outlook 2016 is enabled for modern auth, and o365 now comes with modern auth, will this have any effect to on-prem users, in terms of their outlook connection/ authentication to on-prem. Will this result in on-prem users outlook going to Azure token server to get authenticated aswell like in hybrid modern authentication? Which is not what i want.
3. What is the difference between modern authentication, and hybrid modern authentication. For HMA, it mentions this change will effect all on-prem mailboxes as well as EXonline mailboxes going to azure token server for authentication to anything for both on-prem and cloud. Which is not what i want at this stage.
I would just like SSO experience with pass hash sync in hybrid env for users we migrate to O365.
Please help me with the answers. Thank you