Microsoft Entra Blog
Azure AD Conditional Access support for blocking legacy auth is in Public Preview!
Alex Simons (AZURE)
Sep 07, 2018
Microsoft
First published on CloudBlogs on Jun 07, 2018
Howdy folks,
Today I'm excited to announce the Public Preview of Azure AD Conditional Access support for blocking legacy authentication. In the past you needed to use ADFS to do this, but using conditional access to do this is SO much simpler/better. Now you too can manage legacy authentication blocking as one part of your overall conditional access strategy, all from right in the Azure AD admin console. And for many of you, this will also give you the option to move away from ADFS to a cloud-centered authentication model enabled by pass-through authentication.
First things first, let's define legacy authentication. Legacy authentication is a term that refers to authentication protocols used by apps like:
- Older Office clients that do not use modern authentication (e.g., Office 2010 client)
- Clients that use mail protocols such as IMAP/SMTP/POP
To set up a policy that blocks legacy authentication:
- In the Azure AD portal, go to "Conditional access" and create a new policy.
- Select the users for your pilot group. As with all conditional access policies, we recommend starting with a small set of users to be sure you understand the support and end user experience impact.
- Select "All cloud apps".
- Under the "Client apps" conditions, you should now see the "Other clients" checkbox. The "Other clients" checkbox includes older Office clients that do not support modern authentication, as well as clients that use mail protocols like POP, IMAP, SMTP, etc.
- Select the "Block access" control.
- Save the policy.
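To gauge the pilot impact before saving the policy, the conditions from the steps above can be dry-run over exported sign-in records. This is an added example, not code from the original post or from Microsoft; the record fields (`user`, `app`, `client_app`), the client labels and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed labels for the "Other clients" condition, following the page's
# definition (older Office clients, IMAP/SMTP/POP). Adjust to your log export.
LEGACY_CLIENT_LABELS = {"imap4", "pop3", "authenticated smtp", "other clients"}

def is_legacy_client(client_app):
    """True when the sign-in's client label falls under "Other clients"."""
    return (client_app or "").strip().lower() in LEGACY_CLIENT_LABELS

def policy_would_block(signin, pilot_users):
    """Evaluate one sign-in against the policy built in the steps above:
    users = pilot group, cloud apps = all, client apps = other clients,
    control = block access. pilot_users must hold lowercase names."""
    in_scope = signin.get("user", "").lower() in pilot_users
    # "All cloud apps" means the target app never narrows the match.
    return in_scope and is_legacy_client(signin.get("client_app"))

def impact_report(signins, pilot_users):
    """Map each affected pilot user to the (client, app) pairs that would be blocked."""
    pilot = {u.lower() for u in pilot_users}
    report = defaultdict(set)
    for s in signins:
        if policy_would_block(s, pilot):
            report[s["user"].lower()].add((s["client_app"], s["app"]))
    return {user: sorted(pairs) for user, pairs in report.items()}

# Constructed sample records (not real log data).
SAMPLE_SIGNINS = [
    {"user": "ana@contoso.example", "app": "Exchange Online", "client_app": "IMAP4"},
    {"user": "ana@contoso.example", "app": "Exchange Online", "client_app": "Browser"},
    {"user": "bo@contoso.example", "app": "SharePoint Online", "client_app": "Other clients"},
    {"user": "cy@contoso.example", "app": "Exchange Online", "client_app": "POP3"},
    {"user": "dee@contoso.example", "app": "Exchange Online", "client_app": None},
]
# Constructed pilot group; mixed case on purpose to show normalization.
PILOT_USERS = ["Ana@contoso.example", "bo@contoso.example", "dee@contoso.example"]

if __name__ == "__main__":
    for user, pairs in impact_report(SAMPLE_SIGNINS, PILOT_USERS).items():
        for client, app in pairs:
            print(f"{user}: {client} -> {app} would be blocked")
```

Users outside the pilot group and sign-ins with a missing client label are left out of the report, so a record with no client information is never counted as blocked.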
Updated Jul 24, 2020
Version 9.0