This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 90%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
Good afternoon,
I created an application that uses the EWS to read calendar events from all Exchange users using Application Impersonation. I implemented support for OnPremise (using NTLM) and Office 356 (using OAuth2). While I created the OAuth2 implementation 2 years ago, everything was fine. However, the customers get a lot of problems now setting everything up.
The main problem is the Autodiscover server. I created a new Office 356 developer subscriptions and - well, same problem. I won't get access to the autodiscover server. I always get the following message:
Access has been blocked by Conditional Access policies. The access policy does not allow token issuance.
However, I don't have any conditional access plicies configured. I gave full access right to the impersonation user. If I get the autodiscover URL using the autodiscover.json url, access that site and try to lock in to that, I get the same message. So what's going on? What do I have to do to access the autodiscover using Exchange 356?
Best regards,
Marc Schodermayr
The administration and maintenance of Microsoft Exchange Server to ensure secure, reliable, and efficient email and collaboration services across an organization.
Answer accepted by question author
Do you have the security defaults enabled for that tenant?
https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-security-defaults
Oh my gosh... I don't belive it. That's it. Now it works fine. Thank you very much for that precious information!