Block apps that do not use modern authentication (ADAL)

App-based conditional access with app protection policies rely on applications using modern authentication, which is an implementation of OAuth2. Most current Office mobile and desktop applications use modern authentication. However, there are third-party apps and older Office apps that user other authentication methods, like basic authentication, and forms-based authentication.

To block access to these apps, we recommend the following methods:


App-based CA must not be used with Azure Active Directory (Azure AD) certificate-based authentication. You can only have one of these configured at a time.

See also

App-based conditional access with Intune