Forum Discussion
Create Conditional Access Policy
Hi CarlosMorales ,
This is what I would do. Make sure you use Modern authentication.
This is not ideal situation with Exchange Online App, but adding Device platfrom - Windows, Client apps - Mobile apps and Desktop clients plus enabling Modern authentication is the closest you can get.
I just tested in my environment and it will require MFA for Outlook client on Windows (if modern enabled), it does not ask you for MFA on other devices. It will not require MFA in browsers.
Good luck
Please see below, testing environment with the policy from above.
I have configured the policy as you explain, the results:
Outlook web doest not request MFA.
Teams Client if you request MFA.
Outlook client does not request MFA, not working.
Thanks,
Hi CarlosMorales ,
thanks for the reply.
Keep in mind that in this particular setup, you have to disable Legacy authentication and enable Modern authentication.
You can accomplish this by additional additional Conditional Access. see below.
Also you can do this by disabling Basic authentication from Admin center.
- Hi.
For block legacy authentication select all options:
Outlook client, Exchange ActiveSync, Autodiscover, IMAP4, POP3, Authenticated SMTP and Exchange Online PowerShell?
ThanksHi CarlosMorales ,
you can uncheck everything but I would suggest also creating a CA policy and block legacy.
If you decide to uncheck from Admin portal - see below my environment.
If you decide to do CA policy, you can Assign to test user, Cloud apps to All Cloud Apps, and Conditions under Client apps set to Yes, and check both under Legacy authentication clients. Under Grant set to Block.
Good luck. Make sure your Outlook client is the latest version to support Modern authentication. You can read about it here - Modern Authentication configuration requirements for transition - Exchange | Microsoft Docs
