Scenario:
- Skype for Business Pool configured in Hybrid Mode
- Skype for Business On-Premises administrator account has Multi-Factor Authentication(MFA) in Office 365
Problem:
- When you have this setup, in Skype for Business Server 2015 Control Panel, you try to move users from On-Premises to Online or vice-versa, but you cannot authenticate with your administrative account in Office 365 services.
- Error: "Get-CsWebTicket : Failed to logon with given credentials. Make sure correct user name and password provided."
![]()
- Currently the Skype for Business Control Panel do not support multi-factor authentication.
Solution:
- Option 1:
- Since Skype for Business Control Panel don't support two-step verification we will need to to set up an "app password" for our Office 365 admin account that has MFA enabled.
- Option 2:
- Remove the MFA from the administrative account.
- Option 3:
- If you enforce Multi-Factor Authentication through Conditional Access policies and not through per-user MFA, you cannot create app passwords. In this case you can create an account in the domain "XXX.onmicrosoft.com" to connect to Office 365.
EXTRA:
- You might face the same problem when trying to move users, using the Skype for Business Powershell, and fails as well because of the MFA, when connecting to Office 365:
- Error: "Move-CsUser : Failed to logon with given credentials. Make sure correct user name and password provided."
![]()
Resources:
- Step-By-Step: Skype for Business 2015 Hybrid Configuration
- Move users to Skype for Business Online
- Move users from Skype for Business Online to on premises