When you want to use Skype for Business Online, but are using an on premises ADFS implementation and require MFA for all logins, Skype for Business will fail to authenticate. It cannot handle the ADFS Multi-Factor challenge because MFA is not yet supported for Office 365 Online Skype for Business tenants.
To exempt Skype for Business from your ADFS RPT, use the following claims rule
$rp = Get-AdfsRelyingPartyTrust -name "Microsoft Office 365 Identity Platform"
Set-AdfsRelyingPartyTrust –TargetRelyingParty $rp –AdditionalAuthenticationRules 'NOT EXISTS([Type == "http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent", Value =~ "(?i)skype"]) && NOT EXISTS([Type=="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent", Value =~ "(?i)ACOMO"]) && NOT EXISTS([Type=="http://schemas.microsoft.com/2012/01/requestcontext/claims/x-ms-client-user-agent", Value =~ "(?i)lync"]) => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod", Value = "http://schemas.microsoft.com/claims/multipleauthn");'
Version 0.8 of O365Migrator is now available as a free download.
A frequently asked feature has been added to O365Migrator: in addition to migrating all your user’s homedirectories, O365Migrator can now also migrate entire fileservers (shares) to Sharepoint Online!