User Profile
CSearle
Copper Contributor
Joined May 12, 2020
User Widgets
Recent Discussions
Re: Signins: Login status = success but Conditional access = failed?
I believe i can explain this behavior. The Conditional Access block action for ActiveSync is unique. It does not fail the sign in with Azure AD, it signals Exchange to perform a quarantine on the device. The user is able to successfully configure the AS connection, but rather than get access to anything they see a single email stating that ActiveSync is not permitted. This is very similar to the 'Require approved client app' condition. Rest assured that the user is effectively blocked from setting up a working AS account, but since the sign in is not immediately failed like most CA policies it is technically correct for it to show as a successful sign-in. It will also result in frequent sign-ins if the user doesn't remove the account, which may look like active usage. I'm not sure how this will be handled when Microsoft finally block legacy protocols permanently, but this is the current behavior as tested in October 2022.17KViews1like0Comments
Recent Blog Articles
No content to show