Which version of Outlook is that, is it perhaps trying to use legacy auth? Make sure Modern auth is enabled both server-side and client-side.
Security defaults in Azure AD cause access problem
A user encounters problems when trying to add her Microsoft 365 mailbox (MS 365 Business Standard) in Outlook (O365). In the azure logs I see the following error:
Access has been blocked by Conditional Access policies. The access policy does not allow token issuance.
However, there are no conditional access policies configured. When I disable the security defaults in Azure AD, the problem is solved and mailbox can be added without any problems. This is unexpected/unwanted behavior: we want to enable security defaults/MFA without having problems with adding the mailbox in Outlook.
Any ideas/suggestions?
2 answers
Sort by: Most helpful
-
-
Nobus 1 Reputation point
2021-02-17T10:53:15.647+00:00 It's the Microsoft 365 apps deployed via ODT (but same problem with Outlook pro plus 2016)
The modern auth is disabled on both client and server-side, but enabling will result in the same problem I think (because turning on the modern auth on server-side is basically the same as enabling the security defaults: "You can either enable security defaults in the Azure portal to turn off basic authentication for all protocols, or use the controls below to turn it off for specific protocols.")