An update to Azure AD Conditional Access for

Published Sep 07 2018 08:52 AM 3,239 Views
First published on CloudBlogs on Aug, 04 2017
Howdy folks, Today I'm writing to provide some background about a change in how conditional access policies will soon be enforced when users access Notifications about this change have been sent out, but several of you have asked for additional details.

What's changed?

On August 24 th , a change will roll out that requires users to satisfy any policies set on Exchange Online and SharePoint Online when accessing For example, if a policy requiring multi-factor authentication (MFA) or a compliant device has been applied to SharePoint or Exchange, this policy will also apply to users signing into


This change addresses feedback we've gotten from customers who have noticed that some features break in when a policy is applied to Exchange or SharePoint. These include searching for documents and email, loading your customizations in the app launcher, creating new documents, and viewing your calendar. These features access Exchange and SharePoint data, so they're subject to Exchange and SharePoint policies. By requiring users to satisfy these policies when they access users will have access to Exchange and SharePoint data, so these features will continue to work.

What else do I need to know?

  • Any policies that have been applied to Exchange and SharePoint browser access will apply.
  • Policies set specifically for mobile and desktop applications will be skipped since is accessed through the browser. This applies to conditional access policies set through the Azure Management Portal, the "Classic" Azure Portal, and the Intune management portal.
  • Policies set using Office 365 MDM will not apply since they are targeted for mobile apps.
  • If a policy is set for Exchange and SharePoint, both policies will take effect when is accessed.

The impact

The main impact will be to users who use but have not already satisfied SharePoint and Exchange policies. In these cases, they can take the steps to satisfy policy or, in cases in which this is not an option, where users are attempting to access to install Office applications, they can do so from . Overall, we believe this will improve the end-user experience on by keeping it consistent no matter how users are accessing the page. But we want to hear directly from you about how this change has impacted your users' experience, so keep sharing your feedback with us! Best regards, Alex Simons (Twitter: @Alex_A_Simons ) Director of Program Management Microsoft Identity Division
Version history
Last update:
‎Jul 24 2020 01:59 AM
Updated by: