Block apps that do not use modern authentication (ADAL)

App-based conditional access with app protection policies rely on applications using modern authentication, which is an implementation of OAuth2. Most current Office mobile and desktop applications use modern authentication. However, there are third-party apps and older Office apps that user other authentication methods, like basic authentication, and forms-based authentication.

Block apps

To block access to apps that do not use modern authentication, we recommend the following methods:


App-based CA must not be used with Azure Active Directory (Azure AD) certificate-based authentication. You can only have one of these configured at a time.

Next steps