Forum Discussion
Logging for conditional access
Perfect, thanks. So we know that modern authentication is enabled at the organization level and the user has an email client that supports it. Next, I would verify that the Exchange on-premises connector is set up and functioning as intended. One more thing to consider is that Microsoft advises creating two separate conditional access policies to protect both Modern Authentication clients and Exchange ActiveSync clients. So, this might be worth a try as well.
All of our mailboxes are hosted in the cloud. Our on-premises server is used for management purposes only. We do not use the connector. Does this matter?
- eglockling | Jan 07, 2019 | Steel Contributor
No, in that case you can disregard my comment about the on-premises connector; it's not required when using Exchange Online.
- Robert Woods | Jan 07, 2019 | Steel Contributor
I think I may have come across the root cause on this. From what I am reading, even after the iOS default mail app was updated to work with OAuth, it did not work with modern auth if the profile was pushed to the device by Intune. They have supposedly corrected this issue. I do see a new checkbox in the Intune device configuration that we push that enables OAuth. I will create a test policy with that checkbox enabled and apply it to our test user group to see if this resolves the issue.
- eglockling | Jan 07, 2019 | Steel Contributor
Good catch! Let us know if this resolves the problem.