How to block non-modern authentication to Office 365 services. (Manual)

With Azure Conditional access you get more control over your data, get better security and visibility! To use this feature you will need to buy and assign Azure AD Premium or EM+S E3/E5 licenses to your users.

This manual can be used to enforce the use of the Outlook app on IOS and Android devices by blocking all apps that do not support Modern Authentication like iOS mail and Google mail client.

Step 1: In the Azure Portal go to Conditional Access. On the first page that you get create a New policy

Step 2: Give your new policy a new name. After that we can continue with assignments. On the Users and groups blade select the users that you want to include. On the exclude tab you might want to exclude the Global administrator Role

Step 3: Next blade you can choose which Office 365 services will not allow basic authentication. For this manual I’ve chosen to only apply this policy to Office 365 Exchange Online. But you can choose more if you want to, or even all services.

Step 4: On the next blade we have multiple options. First one is Sign-in risk. This option is only available if you have AD Premium P2 or EM+S E5 license.

Step 5: On the next blade select the device platforms where you want the policy to be applied to.

Step 6: We will skip the locations for this policy, but we will configure Client apps, select Exchange ActiveSync clients and other clients and select done and done again.

Step 7: Now on the main blade go to the Grand blade, and select Block access. Select next, and as last step, is to enable the policy and click Create. After this step you are done!

Leave a Reply

Your email address will not be published. Required fields are marked *