Update: The full timeline for retirement of Basic Authentication in Exchange Online is now published in Basic Authentication Deprecation in Exchange Online – September 2022 Update.
It’s been a few ...
Updated Sep 01, 2022
Version 7.0
Blog Post
Following on from Phil Lyle's comment, I added ActiveSync to my Block Legacy Authentication (Report Only) Conditional Access Policy. All ActiveSync clients had a result of Report-only: Failure.
I deleted by Exchange account on my iPad [iOS 13.3.1] and added it again. After this, it was not using ActiveSync - Hurrah!
2% of my user base that have used their account this week are OK. Just need to tell my 2,500+ users to do the same, unless blocking ActiveSync forces them to sign-in again. Something to test tomorrow.
Details from the sign-in log below, in case it helps anyone.
Before account deleted on device:
Basic Info
Application: Office 365 Exchange Online
Resource: Office 365 Exchange Online
Client app: Exchange ActiveSync
User agent: Apple-iPad5C3/1704.50
Device Info
Browser: Mobile Safari
Authentication Details
Authentication method: PHS
Succeeded: true
Result detail: [Blank]
Requirement: Primary Authentication
After account deleted on device:
Basic Info
Application: Apple Internet Accounts
Resource: Office 365 Exchange Online
Client app: Mobile Apps and Desktop clients
User agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.5 Safari/605.1.15
Device Info
Browser: Mobile Safari 13.0.5
Authentication Details
Authentication method: [blank]
Succeeded: false
Result detail: MFA requirement skipped due to registered device
Requirement: MultiConditionalAccess