Conditional Access: Block legacy authentication

Due to the increased risk associated with legacy authentication protocols, Microsoft recommends that organizations block authentication requests using these protocols and require modern authentication.

Create a Conditional Access policy

The following steps will help create a Conditional Access policy to block legacy authentication requests.

  1. Sign in to the Azure portal as a global administrator, security administrator, or Conditional Access administrator.
  2. Browse to Azure Active Directory > Security > Conditional Access.
  3. Select New policy.
  4. Give your policy a name. We recommend that organizations create a meaningful standard for the names of their policies.
  5. Under Assignments, select Users and groups.
    1. Under Include, select All users.
    2. Under Exclude, select Users and groups and choose any accounts that must maintain the ability to use legacy authentication.
    3. Select Done.
  6. Under Conditions > Client apps (preview), set Configure to Yes.
    1. Check only the boxes Mobile apps and desktop clients > Other clients.
    2. Select Done.
  7. Under Access controls > Grant, select Block access.
    1. Select Select.
  8. Confirm your settings and set Enable policy to On.
  9. Select Create to create and enable your policy.
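
The policy these steps produce, written out as data and checked by a small audit routine that can be run over exported policies. This is an added example, not part of the original article: the field names follow the Microsoft Graph conditionalAccessPolicy resource, and build_policy, audit_policy, the includeApplications value and the sample object ID are assumptions made for illustration.

```python
# Added example. Field names follow the Microsoft Graph conditionalAccessPolicy
# resource (an assumption; the article itself only describes the portal).

def build_policy(name, excluded_user_ids=(), state="enabled"):
    """Policy body mirroring portal steps 4 to 8."""
    return {
        "displayName": name,                                     # step 4
        "state": state,                                          # step 8: Enable policy = On
        "conditions": {
            "users": {"includeUsers": ["All"],                   # step 5.1
                      "excludeUsers": list(excluded_user_ids)},  # step 5.2
            # Assumption: the steps name no cloud apps; Graph needs a value here.
            "applications": {"includeApplications": ["All"]},
            "clientAppTypes": ["other"],                         # step 6.1: Other clients only
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},  # step 7
    }

def audit_policy(policy):
    """Return deviations from the documented steps (empty list means it matches)."""
    findings = []
    cond = policy.get("conditions") or {}
    users = cond.get("users") or {}
    grant = policy.get("grantControls") or {}
    if policy.get("state") != "enabled":
        findings.append("policy is not enforced (state=%s)" % policy.get("state"))
    if users.get("includeUsers") != ["All"]:
        findings.append("does not include all users")
    if cond.get("clientAppTypes") != ["other"]:
        findings.append("client apps condition is not 'Other clients' only")
    if grant.get("builtInControls") != ["block"]:
        findings.append("grant control is not Block access")
    excluded = (users.get("excludeUsers") or []) + (users.get("excludeGroups") or [])
    if excluded:
        findings.append("%d excluded account(s)/group(s) can still use "
                        "legacy authentication" % len(excluded))
    return findings

# Constructed sample data (placeholder object ID, not a real account).
GOOD = build_policy("Block legacy authentication")
REPORT_ONLY = build_policy("Block legacy authentication (pilot)",
                           ["00000000-0000-0000-0000-000000000001"],
                           state="enabledForReportingButNotEnforced")

if __name__ == "__main__":
    for p in (GOOD, REPORT_ONLY):
        print(p["displayName"], "->", audit_policy(p) or "matches the documented policy")
```

Each exclusion is reported as a finding because the accounts chosen in step 5.2 remain able to authenticate with legacy protocols and should be reviewed periodically.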

Next steps

Conditional Access common policies

Simulate sign in behavior using the Conditional Access What If tool