Forum Discussion
Conditional Access and Email Access, did I do it correct
niazstinu Hi!
First of all, in your policy you are including legacy protocols. Those protocols should be blocked from the end-users due to security reasons. Those protocols will go end-of-life within the Office 365 platform during 2021.
The Gmail app is most likely using a legacy protocol, and not Modern Authentication, and therefore the application won't be able to use MFA.
I would suggest moving to Outlook for Android / Outlook for iOS, and I would create the following policies:
Policy Name: Block Access - Legacy Authentication
User and Groups:
    Include: anysecuritygroup/enduser
    Exclude: anybreaktheglassaccount@xx.com
Cloud apps:
    Include: Office 365
Conditions:
    Location:
        Include: Any Location
    Client apps:
        Include: Other clients
        Include: Exchange ActiveSync clients
Access Controls:
    Block Access
-------
Policy Name: Grant Access - Mobile and Desktop Apps who use Modern Authentication (Require MFA)
User and Groups:
    Include: anysecuritygroup/enduser
    Exclude: anybreaktheglassaccount@xx.com
Cloud apps:
    Include: Office 365
Conditions:
    Locations:
        Include: Any Location
    Client Apps:
        Include: Mobile apps and desktop clients
Access Controls:
    Allow access through requiring MFA Challenge
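
The two policies above written as Microsoft Graph `conditionalAccessPolicy` request bodies, with a small evaluator that shows which client app types each one covers. This is an added example, not part of the original post: the object IDs are constructed placeholders, the report-only state is an assumption, and `evaluate` is a simplified model that assumes the user is in the included group.

```python
import json

# Constructed placeholder object IDs; substitute your own group and account.
END_USER_GROUP = "00000000-0000-0000-0000-000000000001"
BREAK_GLASS_USER = "00000000-0000-0000-0000-000000000002"
# clientAppTypes values accepted by the Graph conditionalAccessPolicy resource.
CLIENT_APP_TYPES = ["browser", "mobileAppsAndDesktopClients",
                    "exchangeActiveSync", "other"]

def build_policy(name, client_app_types, controls):
    """Body for POST /identity/conditionalAccess/policies."""
    return {
        "displayName": name,
        # Assumption: start in report-only mode, switch to "enabled" later.
        "state": "enabledForReportingButNotEnforced",
        "conditions": {
            "users": {"includeGroups": [END_USER_GROUP],
                      "excludeUsers": [BREAK_GLASS_USER]},
            "applications": {"includeApplications": ["Office365"]},
            "locations": {"includeLocations": ["All"]},
            "clientAppTypes": client_app_types,
        },
        "grantControls": {"operator": "OR", "builtInControls": controls},
    }

POLICIES = [
    build_policy("Block Access - Legacy Authentication",
                 ["exchangeActiveSync", "other"], ["block"]),
    build_policy("Grant Access - Mobile and Desktop Apps who use Modern "
                 "Authentication (Require MFA)",
                 ["mobileAppsAndDesktopClients"], ["mfa"]),
]

def evaluate(client_app_type, user_id=None, policies=POLICIES):
    """Simplified model: assumes the user is in the included group."""
    controls = set()
    for policy in policies:
        cond = policy["conditions"]
        if user_id in cond["users"]["excludeUsers"]:
            continue  # excluded accounts are never in scope
        if client_app_type in cond["clientAppTypes"]:
            controls.update(policy["grantControls"]["builtInControls"])
    if "block" in controls:
        return "block"  # block wins over any grant control
    return "mfa" if "mfa" in controls else "no policy applies"

def coverage():
    """Outcome per client app type for a user in the included group."""
    return {t: evaluate(t) for t in CLIENT_APP_TYPES}

if __name__ == "__main__":
    print(json.dumps(POLICIES, indent=2))
    for app_type, result in coverage().items():
        print(f"{app_type:30} -> {result}")
```

With only these two policies, the `browser` client app type matches neither one, so decide whether browser sign-ins need their own MFA policy.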