Forum Discussion
MFA is being discontinued?
MFA is not being discontinued; legacy authentication is being killed off. And it was a silent thing in my opinion as well, as my tenant is much older than 2017 but we don't use much M365 stuff, mostly just for Office. Most apps use modern authentication anyways, and yes, you need some form of MFA for it.
To see your sign-in details for sign-ins using legacy authentication, use the reporting under the Azure sign in. I have premium licenses so I can use Conditional Access to block my legacy auth and ensure modern auth. I'm sure there is another way, but Conditional Access is also really beneficial to help protect from phishing of passwords and token theft.
Read more here: Blocking legacy authentication protocols in Azure AD | Microsoft Docs
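An added example, not part of the original post: before blocking legacy authentication, it helps to know which accounts still rely on it. This Python sketch summarises an exported sign-in log by legacy client app; it assumes a JSON export with the fields `clientAppUsed`, `userPrincipalName` and `status.errorCode`, assumes that only "Browser" and "Mobile Apps and Desktop clients" denote modern authentication, and uses constructed sample records.

```python
import json
from collections import defaultdict

# Assumption: client app values the sign-in log reports for modern authentication.
MODERN_CLIENTS = {"Browser", "Mobile Apps and Desktop clients"}

# Constructed sample records shaped like an exported sign-in log (not real data).
SAMPLE_EXPORT = json.dumps([
    {"userPrincipalName": "alice@example.com", "clientAppUsed": "Browser",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@example.com", "clientAppUsed": "Exchange ActiveSync",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "Bob@example.com", "clientAppUsed": "Exchange ActiveSync",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "carol@example.com", "clientAppUsed": "IMAP4",
     "status": {"errorCode": 50126}},
    {"userPrincipalName": "dave@example.com", "clientAppUsed": "",
     "status": {"errorCode": 0}},
])


def legacy_auth_summary(export_json):
    """Return {client app: {"users", "success", "failure"}} for legacy sign-ins."""
    summary = defaultdict(lambda: {"users": set(), "success": 0, "failure": 0})
    for rec in json.loads(export_json):
        client = (rec.get("clientAppUsed") or "").strip()
        # Skip modern clients and records with no client app recorded.
        if not client or client in MODERN_CLIENTS:
            continue
        entry = summary[client]
        # UPNs are case-insensitive, so normalise before counting users.
        entry["users"].add(rec.get("userPrincipalName", "unknown").lower())
        succeeded = (rec.get("status") or {}).get("errorCode", 0) == 0
        entry["success" if succeeded else "failure"] += 1
    return dict(summary)


if __name__ == "__main__":
    for client, info in sorted(legacy_auth_summary(SAMPLE_EXPORT).items()):
        print(f"{client}: {len(info['users'])} user(s), "
              f"{info['success']} successful, {info['failure']} failed")
        for user in sorted(info["users"]):
            print(f"  {user}")
```

Users with successful legacy sign-ins are the ones who would lose access once legacy authentication is blocked; failed legacy sign-ins are worth reviewing separately.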
- luvsql, Feb 03, 2021, Steel Contributor
meggerz I checked Azure and the only legacy client app is "Exchange ActiveSync", which is required to be used on all Samsung and iPhones in order to get contacts and calendars sync'd to the native apps (if you use the Outlook mobile app the contacts only show in that app and not the phone's native app).
I assume Microsoft will have a solution for this if they kill off ActiveSync?
- meggerz, Feb 04, 2021, Copper Contributor
I'm sure there is a solution. Calendar and contact syncing to your native apps can be heavily controlled by your MDM, so that could be interfering.
If you do not use an MDM I would suggest enabling and enforcing MFA for an account. Blow away all of your ActiveSync profiles (Outlook contacts, calendar - these are all 3 separate entities by the sounds of it), and then reconfigure your profile with modern authentication. You should be able to sync your calendar and contacts through to the native apps - there is an option in the Outlook profile that you need to enable for it.
That being said, I am using Intune and Android Enterprise with the corporate owned devices and work profiles (COPE) on our Samsung devices. We are seeing a lot of weird behaviour/bugs with the native calendar and contacts being used when the mail profile is configured through Outlook. Including things like the option to sync the calendar is not there if we set up the Outlook profile the first time we launch the app. If we open the app, close it, and then open it again and set up the Outlook profile, the contacts and calendars sync properly. Don't forget to look to ensure the sync calendar and sync contacts is an option within the profile, as it isn't on by default. Again, a lot of these bugs are likely due to the MDM, not Outlook itself. We're still trying to sort it out ourselves.
I still stress that Conditional Access is also really important to look into if your license allows.
- luvsql, Feb 04, 2021, Steel Contributor
meggerz We do use MFA and enforce it on all accounts hence why I was concerned it was being "discontinued." What was happening is when you add the Outlook app then remove the ActiveSync account, all contacts get lost because they are either just on the phone and not syncing or other issues.
We do not use any MDM solution because even Microsoft's Intune and Blackberry will NOT allow us to unlock any Android phones or change their PINs/Google accounts, so even though all are corporately owned devices, we have zero control over that unless we do full wipes and make them work-only phones (which we will NOT do). We are not a government and having to have fully controlled devices just to use these features is absurd.
So basically an employee quits and we have to pay Google $85 to unlock their Google account. Ridiculous.