One of the biggest advantages of Azure AD is the Conditional Access framework. Conditional Access allows very granular control over access to your applications. Based on the conditions you define in a policy, certain controls are enforced before access is allowed. The catch is that Conditional Access is based on Modern Authentication. None of the CA policies you create apply to users who use legacy authentication, for example when using Outlook 2010 or protocols like POP3 or IMAP.
Since last week, it is possible to block legacy authentication in Conditional Access (in preview). This means you can now create your Conditional Access policy and block legacy authentication at the same time, all from one place and without the use of ADFS.
For many organizations this is great news, because it removes another possible requirement for the use of ADFS, after we already introduced pass-through authentication last year.
Check out my video to find out how (easy) this works in real life.
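Before turning on such a block it helps to know which accounts still sign in with legacy clients. The following is an added example, not code from the original post: it summarises legacy sign-ins from constructed sample records and builds a report-only block policy body. It assumes the field names of the Microsoft Graph `signIn` and `conditionalAccessPolicy` resources, and it treats every client app other than the two modern ones as legacy.

```python
from collections import defaultdict

# clientAppUsed values (lower-cased) that indicate Modern Authentication.
MODERN_CLIENT_APPS = {"browser", "mobile apps and desktop clients"}

# Constructed sample records (not real log data), using field names of the
# Microsoft Graph signIn resource.
SAMPLE_SIGN_INS = [
    {"userPrincipalName": "alice@contoso.example", "clientAppUsed": "Browser"},
    {"userPrincipalName": "bob@contoso.example", "clientAppUsed": "IMAP4"},
    {"userPrincipalName": "bob@contoso.example", "clientAppUsed": "POP3"},
    {"userPrincipalName": "scanner@contoso.example", "clientAppUsed": "Authenticated SMTP"},
    {"userPrincipalName": "carol@contoso.example", "clientAppUsed": "Mobile Apps and Desktop clients"},
    {"userPrincipalName": "dave@contoso.example", "clientAppUsed": ""},
]


def legacy_auth_usage(sign_ins):
    """Map each user to the sorted list of legacy client apps they used."""
    usage = defaultdict(set)
    for record in sign_ins:
        client = (record.get("clientAppUsed") or "").strip()
        # Assumption: any recorded client app that is not modern is legacy.
        # Records without a client app are skipped rather than guessed at.
        if client and client.lower() not in MODERN_CLIENT_APPS:
            usage[record["userPrincipalName"]].add(client)
    return {user: sorted(apps) for user, apps in sorted(usage.items())}


def build_block_policy(display_name="Block legacy authentication"):
    """Policy body that blocks legacy clients, created in report-only state."""
    return {
        "displayName": display_name,
        "state": "enabledForReportingButNotEnforced",
        "conditions": {
            "users": {"includeUsers": ["All"]},
            "applications": {"includeApplications": ["All"]},
            # "exchangeActiveSync" and "other" are the legacy client types.
            "clientAppTypes": ["exchangeActiveSync", "other"],
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }


if __name__ == "__main__":
    for user, apps in legacy_auth_usage(SAMPLE_SIGN_INS).items():
        print(f"{user}: {', '.join(apps)}")
```

Accounts that show up in the summary, such as a scanner sending mail over authenticated SMTP, are the ones to migrate or handle before the policy state is changed from report-only to enabled.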