Set 2FA NOT to accept older apps

Highlighted
Contributor

Hi

 

How can I set 2FA NOT to accept older apps?

 

I read that this could be possible but how exactly?

2 Replies
Highlighted

Livo,

     Guessing you are asking about blocking those older apps that don't support modern authentication.

 

This can be done leveraging Intune and Conditional access.  There are two different scenarios based on if you are using ADFS or not.  I would start here - https://docs.microsoft.com/en-us/intune/app-modern-authentication-block.

 

That article contains to links, one on how to set it up for ADFS and another how to set it up using Azure AD Conditional Access.

 

If you are just looking for force all users to use 2FA to authentication, that can also be done with Conditional Access in MFA by setting a policy where the can only connect if using 2FA.

 

Just be aware, both of these also require some additional licensing with one of the Enterprise Mobility + Security SKUs for Office 365 if you don't already have it.

 

Hope that helps

Highlighted

You can actually use CA to block legacy auth across the board now, so no need for anything else: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/conditions#legacy-authent...