Tag

MOdern Authentification

Conditional Access Behavior on Outlook 2016

If you enable conditional Access in Intune then Your devices will have to be enrolled with Intune in order to read mail. If they are not enrolled or otherwise compliant they will be blocked.

-You can relax these demands as you see fit, but that would kinda defeat its purpose.

This is how Outlook behaves

1 - autodiscover — Add Your account as usual

2 - modern auth prompt — Modern Auth Prompt

4 - conditional access required — Conditional Access checkpoint

This user will not be allowed to Complete the mail setup.
Note that you have to enable ADAL on Exchange Online and use Outlook 2013-2016 With ADAL in order for this to work. Click here to se how to set up Exchange Online with ADAL

How to enroll Your Windows 10 Machine in Intune to get back mail?

Click here for the MDM enrollment instructions without Azure AD join.

or here

for MDM enrollment instructions with Azure AD Join

Outlook 2016 behavior when you ENFORCE Azure MFA

When you click enforce Azure MFA your users will not be able to Connect to Office 365 With Clients that does not support modern auth.

When they set up Outlook they will see this screen and be stuck there:

1 - autodiscover — Without modern auth enabled on Office 365 and Outlook your users will be stuck here

When you have enabled MFA on your Exchange Online Tenant this is what will happen:

Outlook 2016 behavior when you ENABLE Azure MFA

**Scenario: You select “ENABLE” on Azure MFA but you do not Enforce. The user has not logged onto Office 365 before and is setting up his Outlook for the first time.**

Spoiler warning: Nothing happens, YET.

Here is how Outlook 2016 behaves when you activate Azure MFA for your Account.

1 - mfa on — AZURE MFA portal

2 - fresh outlook 2016 — Fresh Outlook boot

6 - credential popup — Normal login

7 - enter pwd — standard password

8 - success — success

9 - read email — mail approved

Blog at WordPress.com.

%d bloggers like this: