Logging for conditional access

Question

I have a policy set up to only allow compliant mobile devices to access Exchange Active Sync. When reviewing access logs I show Not Applied under the logs, and device info is blank for compliance. It also shows Mobile Safari for the browser info. Is the what I should expect in the logs? User is accessing mail in the default iOS mail app on the device.

My policy is set to cover all users

Cloud apps: Exchange Online

Conditions:

Access Controls:

bbhorrigan · Answer

Are you sure you are using modern authentication?&nbsp; Generally I think AS&nbsp;does not use modern authentication.&nbsp;&nbsp;

robert woods · Answer

Just finished testing and it absolutely did. End users have to go into the passwords section on thier phones settings and re-enter the password, which then prompts them to allow iOS Accounts to access office 365 with certain permissions, and after acceptance the logging shows our policies now being applied.&nbsp;

eglockling · Answer

EAS does support modern authentication,&nbsp;just limited when it comes to Conditional Access. You're definitely asking the right question though. It appears as though legacy authentication could be in use, which is why the&nbsp;conditional access policy isn't applied.&nbsp;Mail for iOS 11.3.1 or later supports modern authentication, so I would suggest Robert Woods confirm the iOS version of the device to ensure it will comply.

robert woods · Answer

eglockling&nbsp;device is iOS 12.1 and this is what I see when I run a Get-OrganizationConfig&nbsp;

bbhorrigan · Answer

From the device itself, when you set up email, if you are using modern authentication you should get some type of web interaction I believe.by default in iOS it will attempt to do modern authentication before it does AS, but it will default back to AS.

Forum Discussion

Logging for conditional access

Resources