In part one we created a log analytics workspace and used a workbook to identify legacy authentication. In this part we will have a look at how to block legacy auth by using a Conditional Access policy.
Step 1 (communicate). The workbook from part 1 is what we use to identify the users who still sign in with legacy authentication. Use SharePoint, Teams, Yammer or e-mail to tell those users what is changing and when, and keep watching the workbook. When the number of legacy auth sign-ins has dropped to little or none, it is time to create the CA policy.
Step 2 (apply CA-policy). Now it is time to create the conditional access (CA) policy to make sure we block legacy auth.
- Navigate to “https://portal.azure.com“
- Click “Azure Active Directory“
- Click “Security” and “Conditional Access“
- Click “New policy“
- Name: “Test – Block Legacy Authentication“
- Users and groups: “All users”, but exclude at least one account (an emergency-access or break-glass account) so that a mistake in the policy cannot lock you out
- Cloud apps or actions: “All cloud apps“
- Conditions: under “Client apps”, set Configure to “Yes” and select both “Exchange ActiveSync clients” and “Other clients”; leave “Browser” and “Mobile apps and desktop clients” unchecked so that modern authentication is not blocked
- Access controls: Click “Block access“
- Enable policy: “On” (or “Report-only” first, so the sign-in logs show which sign-ins the policy would have blocked before you enforce it)
- Click: “Create“
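The same policy can be created from PowerShell instead of clicking through the portal. The block below is an added example and not part of the original post; it uses the Microsoft Graph PowerShell SDK and assumes the Microsoft.Graph module is installed, that you sign in with an account allowed to manage Conditional Access, and that the object ID in `$breakGlassObjectId` is a placeholder you replace with your own emergency-access account. It starts the policy in report-only mode, which the portal walkthrough above leaves as an option.

```powershell
# Added example (not from the original post): create the "Block legacy
# authentication" Conditional Access policy with Microsoft Graph PowerShell.
# Assumptions: Microsoft.Graph module installed; the signed-in account may
# manage Conditional Access; the object ID below is a placeholder.

Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess"

# Object ID of the emergency-access (break-glass) account to exclude.
# Placeholder value: replace it with the account you excluded in the portal.
$breakGlassObjectId = "00000000-0000-0000-0000-000000000000"

$policy = @{
    displayName = "Test - Block Legacy Authentication"
    # Report-only first: the sign-in logs then show what the policy *would*
    # block. Switch to "enabled" once that matches what the part 1 workbook shows.
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeUsers = @("All")
            excludeUsers = @($breakGlassObjectId)
        }
        applications = @{
            includeApplications = @("All")
        }
        # Only the two legacy client types. "browser" and
        # "mobileAppsAndDesktopClients" are left out on purpose so that
        # modern authentication keeps working.
        clientAppTypes = @("exchangeActiveSync", "other")
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("block")
    }
}

# Create the policy and show what came back.
$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State

# Later, once report-only results look right, enforce it:
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id -BodyParameter @{ state = "enabled" }
```

The `clientAppTypes`, `users` and `grantControls` values map one-to-one onto the portal settings in the list above; the two settings worth double-checking before flipping `state` to `enabled` are that `excludeUsers` is not empty and that `clientAppTypes` contains only the two legacy types, since a block policy on all client types would block every sign-in for every user.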
We have now successfully identified, communicated and blocked legacy authentication!