Hybrid Modern Authentication (HMA) is a method of identity management that offers more secure user authentication and authorization. This method provides users the ability to access the On-premises application using authorization tokens obtained from the cloud. For Microsoft Exchange Server, On-premises mailbox users can use these tokens for authentication to On-premises Microsoft Exchange Server.

Veritas Enterprise Vault Exchange archiving supports HMA when Microsoft Outlook 2016 or later is used.

Prerequisite:

• The Vault Service account (VSA) and System Mailbox must be in the On-premises Active Directory.
• User synchronization with the On-premises Active Directory is necessary for Enterprise Vault Search. Do not perform migrations or deletions of user accounts from the On-premises Active Directory.

If you have enabled HMA for Microsoft Exchange Server On-premises servers to authenticate the Outlook users, and you use Enterprise Vault Exchange archiving, then you must perform the following steps on each Enterprise Vault server that hosts a Microsoft Exchange Server archiving task:

1. Log on to the Enterprise Vault server using the Vault Service account. If you run Microsoft Exchange Server archiving tasks under a service account other than the Vault Service account, log on using that account.
2. Create the following registry entries:

   Registry Path	Value Type	Value Name	Value Data
   HKEY_CURRENT_USER\Software\Microsoft\Exchange	DWORD	AlwaysUseLegacyAuthForAutodiscover	1
   HKEY_CURRENT_USER\Software\Microsoft\Exchange	DWORD	MapiHttpDisabled	1
   For Outlook 2016 and 2019: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Common\Identity	DWORD	EnableADAL	0

3. Restart the Enterprise Vault Admin service.

Warning: Incorrect use of the Windows registry editor may prevent the operating system from functioning properly.  Great care should be taken when making changes to a Windows registry.  Registry modifications should only be carried-out by persons experienced in the use of the registry editor application.  It is also recommended that a complete backup of the registry and workstation / server be made prior to making any registry changes.