- Hybrid deployment of Skype for Business (SfB) Server 2015 Enterprise Pool with all workloads enabled including Enterprise Voice with on-premises PSTN integration.
- All user mailboxes homed on Exchange Online (ExO).
- ADAL / Modern Authentication enabled for SfB and ExO (specifically HMA).
After executing "Set-CsOAuthConfiguration -ClientAuthorizationOAuthServerIdentity evoSTS" to enable HMA on SfB, SfB desktop clients began ecountering the following error message.
Error Message: Can't sign in to Skype for Business. You didn't get signed in. It might be your sign-in address or logon credentials, so try those again.
Followed Method 1 of this reference article: https://support.microsoft.com/en-us/topic/cannot-sign-in-to-skype-for-business-after-enable-adal-aka-modern-authentication-4f6f9618-0abf-1e3d-0ada-e6b36d137170.
To resolve this issue, change the Internet Explorer "User Authentication" settings on the affected client computers to "prompt for user name and password" in the security zone. To do this, use one of the following methods.
Method 1: Change the setting manually
- In Internet Explorer, click Tools, click Internet Options, and then click the Security tab.
- Select the security zone that includes the STS URL. Typically, this is the Local Intranet zone.
- Click the Custom level button, and then scroll to the end of the Settings list.
- In the User Authentication section, select the Prompt for user name and password option.