Did you know: Microsoft are retiring legacy protocols in Exchange Online

Did you know: Microsoft are retiring legacy protocols in Exchange Online. As part of this effort, new Azure Active Directory (AD) Conditional Access policies will apply by default to all client apps, including both legacy authentication and modern authentication clients.

When this will happen
Microsoft will begin rolling out this feature in early August and expect rollout to be complete by mid-August.

How this will affect your organization

With the general availability of the client apps condition in Conditional Access, new policies will apply by default to all client apps (as opposed to only browsers and mobile apps and desktop clients using modern authentication).

Sign-ins from client apps that use legacy authentication do not support multi-factor authentication and do not provide device compliance information to Azure AD, so they may be blocked by new Conditional Access policies with grant controls requiring MFA or compliant devices.

Existing Conditional Access policies will not be affected by this change, though the configuration toggle for existing policies has been removed to make it easier to see which client apps existing policies apply to.

What you need to do to prepare

To prevent blocking users and service accounts that need to sign in using legacy authentication, either exclude those accounts from the new policy or configure the policy to apply only to modern authentication clients.

To configure a policy to apply only to modern authentication clients, switch the client apps configure toggle to yes and deselect Exchange ActiveSync and other clients, leaving only browser and mobile apps and desktop clients using modern authentication selected.

Before creating a new Conditional Access policy, use the Azure AD sign-in logs to determine which users and service accounts in your organization sign in using legacy authentication clients. Create the policy in report-only mode, so you can review its impact before enabling it in your organization.

This change in default behavior does not apply to existing Conditional Access policies.

However, if you view an existing policy, we’ve made it easier to see which client apps are selected by removing the Configure Yes/No toggle. Existing policies where the client apps condition was not configured now look like this:

If you’d like to schedule a free one hour consultation on Microsoft 365 roadmap planning with someone from our Microsoft 365 roadmap services team please contact us

Share:

Facebook
Twitter
LinkedIn

Contact Us

On Key

More Posts

Mastering Azure AD Connect - A Comprehensive Guide by WME
Active Directory

Mastering Azure AD Connect – A Comprehensive Guide

Modern businesses are fast moving toward cloud-based infrastructure. In fact, cloud-based business is not just a trend anymore but a strategic necessity. Microsoft’s Azure Active Directory (Azure AD) has become a frontrunner in this domain. It

Read More »
Security Best Practices in SharePoint
Office 365

Security Best Practices in SharePoint

Microsoft SharePoint is an online collaboration platform that integrates with Microsoft Office. You can use it to store, organize, share, and access information online. SharePoint enables collaboration and content management and ultimately allows your teams to

Read More »
The Ultimate Guide to Microsoft Intune - Article by WME
Active Directory

The Ultimate Guide to Microsoft Intune

The corporate world is evolving fast. And with that, mobile devices are spreading everywhere. As we venture into the year 2024, they have already claimed a substantial 55% share of the total corporate device ecosystem. You

Read More »
Protecting Microsoft 365 from on-Premises Attacks
Cloud Security

How to Protect Microsoft 365 from On-Premises Attacks?

Microsoft 365 is diverse enough to enrich the capabilities of many types of private businesses. It complements users, applications, networks, devices, and whatnot. However, Microsoft 365 cybersecurity is often compromised and there are countless ways that

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.