Search

Håvard Siegel Haukeberg

Paste life: Ctrl+C -> Ctrl+V [MVP]

Tag

MOdern Authentification

Conditional Access Behavior on Outlook 2016

If you enable conditional Access in Intune then Your devices will have to be enrolled with Intune in order to read mail. If they are not enrolled or otherwise compliant they will be blocked.

-You can relax these demands as you see fit, but that would kinda defeat its purpose.

This is how Outlook behaves

1 - autodiscover
Add Your account as usual
2 - modern auth prompt
Modern Auth Prompt
4 - conditional access required
Conditional Access checkpoint

This user will not be allowed to Complete the mail setup.
Note that you have to enable ADAL on Exchange Online and use Outlook 2013-2016 With ADAL in order for this to work. Click here to se how to set up Exchange Online with ADAL

How to enroll Your Windows 10 Machine in Intune to get back mail?

Click here for the MDM enrollment instructions without Azure AD join.

or here

for MDM enrollment instructions with Azure AD Join

Outlook 2016 behavior when you ENFORCE Azure MFA

When you click enforce Azure MFA your users will not be able to Connect to Office 365 With Clients that does not support modern auth.

When they set up Outlook they will see this screen and be stuck there:

1 - autodiscover
Without modern auth enabled on Office 365 and Outlook your users will be stuck here

 

When you have enabled MFA on your Exchange Online Tenant this is what will happen:

2 - modern auth prompt3 - mfa prompt in outlook 2016

 

Outlook 2016 behavior when you ENABLE Azure MFA

Scenario: You select “ENABLE” on Azure MFA but you do not Enforce. The user has not logged onto Office 365 before and is setting up his Outlook for the first time.

Spoiler warning: Nothing happens, YET.

Here is how Outlook 2016 behaves when you activate Azure MFA for your Account.

1 - mfa on
AZURE MFA portal
2 - fresh outlook 2016
Fresh Outlook boot

3 - add account4 - user entered5 - searching for autodiscover

6 - credential popup
Normal login
7 - enter pwd
standard password
8 - success
success
9 - read email
mail approved

 

 

 

Blog at WordPress.com.

Up ↑

%d bloggers like this: