We have an Exchange 2013 server setup in hybrid with Exchange online. We are about to move all mailboxes over but we have a problem with outlook clients after a mailbox has been moved.
Outlook keeps prompting for credentials after the mailbox move. In the Sign-in logs we see the following error:
Access has been blocked by Conditional Access policies. The access policy does not allow token issuance.
We don't have conditional access policies active but we do have the security defaults enabled so I guess that is causing this. However we would like to keep the security defaults in place for obvious reasons.
Would there be any workaround to force outlook clients to properly authenticate using modern auth without making a new outlook profile for every user? It does work if we recreate the outlook profile btw