New functionality now in preview for Conditional Access

So I was happily minding my own business looking at the configuration of my Conditional Access and notice 3 new options have appeared;

  • Baseline policy: End user protection (Preview)
  • Baseline policy: Block legacy authentication (Preview)
  • Baseline policy: Require MFA for Service Management (Preview)

Baseline policy: End user protection (Preview)

This policy protects users by requiring multi-factor authentication (MFA) during risky sign-in attempts to all applications. Users with leaked credentials are blocked from signing in until a password reset.

Once the policy is enabled, users are required to register for MFA within 14 days of their first login attempt. The default method of MFA registration is the Microsoft Authenticator App.

This policy is either On or Off and you can also exclude users from receiving this policy

Baseline policy: Block legacy authentication (Preview)

This policy blocks all sign-ins using legacy authentication protocols that don’t support multi-factor authentication (such as IMAP, POP, SMTP). The policy does not block Exchange ActiveSync.

  • Office 2013 (without registry keys)
  • Office 2010
  • Thunderbird client
  • Legacy Skype for Business
  • Native Android mail client

This policy is either On or Off and you can also exclude users from receiving this policy. This policy is great as I have configured a custom built policy for just this but my policy also includes Exchange Active Sync.

Baseline policy: Require MFA for Service Management (Preview)

This policy requires users logging into services that rely on the Azure Resource Manager API to perform multi-factor authentication (MFA).

Services requiring MFA include:

  • Azure Portal
  • Azure Command Line Interface (CLI)
  • Azure PowerShell Module

This policy is either On or Off and you can also exclude users from receiving this policy

Its great to see some more brilliant developments in Conditional Access and really excited to see these go live with customers.

Regards
The Author – Blogabout.Cloud

Leave a Reply

Your email address will not be published. Required fields are marked *