Forum Discussion
Solved
Conditional Access native iOS mail app works - but not if manually configured or if mail already set
Hello When I create CA Policies for iOS, (All iOS devices on iOS 11+) Scenario: Client has existing iPhone's already in use - 90% use native iOS App - We want to force these devices into MDM ...
- The first policy (legacy) should block access. It's also recommended to make one policy for active sync and one for other clients. Make sure to exclude service accounts that doesn't support modern authentication.
I would monitor the sign-in log and look for logins from other client and active sync (unsupported) before doing this in production.
JT
You need to block legacy authentication in order to fully make use of Conditional Access
- You can do it through Conditional Access: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/block-legacy-authentication
Or an Exchange level: https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/disable-basic-authentication-in-exchange-onlineYup was able to do it via Conditional Access already. Had issues mainly with my patience haha. Took it more than a day till my expected outcome were observed.
Thank you!