I'm trying to figure out the right conditional access policy to block these type of attempts
Application: Office 365 Exchange Online
Reason: Invalid username or password or Invalid on-premise username or password.
Client App: Other clients; Older Office clients
Browser: Microsoft Office 16.0
I've played around with a few configurations but not sure
View best response
If it's just for Exchange, there's a better solution: https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/disable-basic-authen...
Thank you. I have the CA policy to block older clients but this would work for all users and I can use CA for the service accounts we need have basic auth for.