Forum Discussion
Logging for conditional access
Are you sure you are using modern authentication? Generally I think AS does not use modern authentication.
EAS does support modern authentication, just limited when it comes to Conditional Access. You're definitely asking the right question though. It appears as though legacy authentication could be in use, which is why the conditional access policy isn't applied. Mail for iOS 11.3.1 or later supports modern authentication, so I would suggest Robert Woods confirm the iOS version of the device to ensure it will comply.
- From the device itself, when you set up email, if you are using modern authentication you should get some type of web interaction I believe.
by default in iOS it will attempt to do modern authentication before it does AS, but it will default back to AS. Perfect, thanks. So we know that modern authentication is enabled at the organization level and the user has an email client that supports it. Next, I would verify that the Exchange on-premise connector is setup and functioning as intended. One more thing to consider is that Microsoft advises to create two separate conditional access policies to protect both Modern Authentication clients and Exchange ActiveSync clients. So, this might be worth a try as well.
All of our Mailboxes are hosted in the cloud. Our on premises server is used for management purposes only. We do not use the connector. Does this matter?
