Conditional Access - legacy authentication

lycksen 1 Reputation point
2021-02-23T11:01:35.09+00:00

If I block legacy authentication in Conditional Access, which email clients will then be blocked?

Just wondering if, for example, the native iOS mail app will be blocked from accessing Exchange if legacy authentication is blocked? So overall I am looking for some information where I can see which email client apps are using legacy authentication.

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

1 answer

  1. Domooney-MSFT 2,556 Reputation points Microsoft Employee
    2021-02-23T11:14:36.243+00:00

    Hi @lycksen, we have a list of legacy authentication clients here - https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/block-legacy-authentication#legacy-authentication-protocols

    The native iOS mail app supports modern authentication from iOS 11 onwards - https://support.apple.com/en-ie/guide/deployment-reference-ios/apd46055de62/web

    As a starting point, you could create a conditional access policy to block legacy authentication and place it in report-only mode. You can then monitor which users would be blocked.

    You can also filter your Azure AD sign-in logs to see users who are currently using legacy authentication protocols - https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/block-legacy-authentication#identify-legacy-authentication-use
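
The log review suggested in the answer above can be scripted over an exported sign-in log. The following is an added example, not part of the original answer or Microsoft's own tooling. It assumes records shaped like the Microsoft Graph `signIn` resource (`userPrincipalName`, `clientAppUsed`, `appliedConditionalAccessPolicies`) and assumes that any client app other than "Browser" and "Mobile Apps and Desktop clients" is a legacy protocol; the sample records and policy name are constructed.

```python
from collections import defaultdict

# Assumption: these two clientAppUsed values indicate modern authentication;
# every other non-empty value is treated as a legacy protocol.
MODERN_CLIENT_APPS = {"browser", "mobile apps and desktop clients"}

POLICY = "Block legacy auth (report-only)"  # hypothetical policy name

# Constructed sample sign-in records (not real log data).
SAMPLE_SIGNINS = [
    {"userPrincipalName": "alice@contoso.example", "clientAppUsed": "IMAP4",
     "appliedConditionalAccessPolicies": [{"displayName": POLICY, "result": "reportOnlyFailure"}]},
    {"userPrincipalName": "alice@contoso.example", "clientAppUsed": "IMAP4",
     "appliedConditionalAccessPolicies": [{"displayName": POLICY, "result": "reportOnlyFailure"}]},
    {"userPrincipalName": "bob@contoso.example", "clientAppUsed": "Browser",
     "appliedConditionalAccessPolicies": [{"displayName": POLICY, "result": "reportOnlyNotApplied"}]},
    {"userPrincipalName": "carol@contoso.example", "clientAppUsed": "Exchange ActiveSync",
     "appliedConditionalAccessPolicies": []},
    {"userPrincipalName": "dave@contoso.example", "clientAppUsed": "Mobile Apps and Desktop clients"},
]

def is_legacy(record):
    """True when the sign-in used a client app outside the modern-auth set."""
    client = (record.get("clientAppUsed") or "").strip().lower()
    return bool(client) and client not in MODERN_CLIENT_APPS

def would_be_blocked(record):
    """True when a report-only policy would have failed this sign-in if enforced."""
    policies = record.get("appliedConditionalAccessPolicies") or []
    return any(p.get("result") == "reportOnlyFailure" for p in policies)

def summarize_legacy(signins):
    """Count legacy sign-ins per (user, client app) and how many a policy would block."""
    summary = defaultdict(lambda: {"count": 0, "report_only_block": 0})
    for rec in signins:
        if not is_legacy(rec):
            continue
        key = (rec.get("userPrincipalName", "unknown"), rec["clientAppUsed"])
        summary[key]["count"] += 1
        if would_be_blocked(rec):
            summary[key]["report_only_block"] += 1
    return dict(summary)

if __name__ == "__main__":
    for (user, client), stats in sorted(summarize_legacy(SAMPLE_SIGNINS).items()):
        print(f"{user:28} {client:22} sign-ins={stats['count']} "
              f"would-block={stats['report_only_block']}")
```

Legacy sign-ins that show no report-only result, like the Exchange ActiveSync record in the sample, are worth checking against the policy's user and client-app scope before it is enforced.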