Block apps that don't use modern authentication (MSAL)
App-based Conditional Access with app protection policies rely on applications using modern authentication, which is an implementation of OAuth2. Most current Office mobile and desktop applications use modern authentication. However, there are third-party apps and older Office apps that use other authentication methods, like basic authentication and forms-based authentication.
Block access to apps
To block access to apps that don't use modern authentication, use Intune app protection policies to implement conditional access. For more information, see App-based Conditional Access with Intune.
For more information about Microsoft Entra Conditional Access, see the following topics:
- What is Conditional Access in Microsoft Entra ID?
- How app-based Conditional Access works
- Set up SharePoint Online and Exchange Online for Microsoft Entra Conditional Access