Legacy Auth Conditional Access


Of those that have enabled the Block Legacy Auth via Conditional Access, were there any surprises or unexpected turns of events by doing so?

I have been watching the sign-in logs for legacy authentications and taking care of any accounts that were still using them. I believe I have taken care of them all. So, I created a Conditional Access policy to block those protocols but set it to Report-Only. However, two days later, I do not see anything under Report-Only in the sign-in logs. I do see the policy under the Conditional Access tab and the result is Not Applied, which, in report-only mode, would make sense. Also, going to the Insights, let's just say that does not make any sense at all.

Just wanted to get some feedback from those that have done this on their tenant and how successful it was to implement. Thanks.

3 Replies
You can always add exceptions as necessary, even adding a blank "exclude everything from my trusted locations" rule will greatly reduce your exposure to brute force attacks and such. Usually, it's the multi-functional devices, app integrations and automated scripts that cause trouble, but of course it varies from org to org.
Where is this rule "exclude everything from my trusted locations"? Can that be applied to the Basic Auth Condition?
This: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
You can configure it as an exception to your policies, so that legacy auth is still allowed for any request coming from said location/IP ranges. You should only use this as a temporary solution though; getting rid of basic auth should still remain the goal.
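One way to triage a sign-in log export before enforcing the block policy discussed in this thread, added here as an example that is not part of any post above. Field names follow the Microsoft Graph signIn resource; the policy name, trusted range, accounts and records are constructed, and the legacy client list is an assumption to adjust to what your tenant's logs show.

```python
import ipaddress
from collections import Counter, defaultdict

# Assumption: clientAppUsed values treated as legacy auth; adjust to your tenant's logs.
LEGACY_CLIENTS = frozenset({
    "Exchange ActiveSync", "IMAP4", "POP3", "Authenticated SMTP",
    "MAPI Over HTTP", "Exchange Web Services", "Other clients",
})
TRUSTED_RANGES = [ipaddress.ip_network("203.0.113.0/24")]  # constructed named location
POLICY = "Block legacy auth"  # hypothetical policy display name

def _rec(upn, app, ip, result=None):
    """Build one constructed record using Microsoft Graph signIn field names."""
    applied = [{"displayName": POLICY, "result": result}] if result else []
    return {"userPrincipalName": upn, "clientAppUsed": app, "ipAddress": ip,
            "appliedConditionalAccessPolicies": applied}

SAMPLE_SIGNINS = [  # constructed sample data, not real log entries
    _rec("scanner@contoso.example", "Authenticated SMTP", "203.0.113.25", "reportOnlyNotApplied"),
    _rec("alice@contoso.example", "IMAP4", "198.51.100.7", "reportOnlyFailure"),
    _rec("alice@contoso.example", "Browser", "198.51.100.7", "reportOnlyNotApplied"),
    _rec("svc-backup@contoso.example", "POP3", "198.51.100.9"),
]

def from_trusted_location(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_RANGES)

def policy_result(signin, policy_name):
    """Return the result recorded for one policy, or None if it is not listed."""
    for p in signin.get("appliedConditionalAccessPolicies") or []:
        if p.get("displayName") == policy_name:
            return p.get("result")
    return None

def triage_legacy(signins, policy_name=POLICY):
    """Per account: legacy sign-ins inside/outside trusted ranges, protocols, policy results."""
    report = defaultdict(lambda: {"trusted": 0, "untrusted": 0,
                                  "protocols": set(), "results": Counter()})
    for s in signins:
        if s.get("clientAppUsed") not in LEGACY_CLIENTS:
            continue  # modern auth sign-in, out of scope
        row = report[s["userPrincipalName"]]
        row["trusted" if from_trusted_location(s["ipAddress"]) else "untrusted"] += 1
        row["protocols"].add(s["clientAppUsed"])
        row["results"][policy_result(s, policy_name) or "not listed"] += 1
    return dict(report)

if __name__ == "__main__":
    for upn, row in sorted(triage_legacy(SAMPLE_SIGNINS).items()):
        print(upn, row["trusted"], row["untrusted"], sorted(row["protocols"]), dict(row["results"]))
```

Accounts with a non-zero `untrusted` count would still be blocked even with a trusted-location exception in place, so those are the ones to migrate before switching the policy from report-only to on.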