On Wednesday June 30, I spoke at the monthly user group meeting of the Microsoft 365 Security & Compliance user group. The Microsoft 365 Security & Compliance user group is based in the UK and consists of Alan Eardley (@al_eardley) and Peter Rising (@M365Rising).

The meeting started with a very interesting session from Sergey Chubarov, who is a Microsoft Azure MVP; his session was titled “Hackers won’t pass – Microsoft 365 Defender in action”. Sergey made hacking a Windows machine look like child's play, and I would definitely recommend following one of his sessions if you have the chance. He will be speaking at the Workplace Ninja Virtual Edition 2021 in August, for example.

After Sergey's session, my session started. It was about “Azure AD Conditional Access Demystified – June 2021 edition”. The session was not recorded, but you can find the slides I used for your reviewing pleasure on my GitHub page here: M365 Security and Compliance UG – Conditional Access Demystified – 30062021.pdf

During the session I was asked the following question by Ru Campbell (@rucam365 on Twitter), which in my memory I didn’t answer correctly. His question was: “If you have a grant access requirement such as MFA or device compliance, does this block legacy auth for users/apps in scope too? Or does legacy auth bypass the requirement?”

I believe I answered that in order for MFA to be enforced you must also block legacy authentication, but this is not fully true anymore since Microsoft made a change in November last year, when they announced that new CA policies will apply to legacy authentication clients by default. This means that if your policy requires MFA or some other grant control that legacy auth clients can’t support, sign-in will be blocked.

I still recommend creating a CA policy blocking legacy authentication, though.
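
To check where a tenant stands on this, the following added example (not from the session or the slides) classifies each policy in a Conditional Access export by what it does to a legacy-auth sign-in. It assumes the JSON shape returned by Microsoft Graph's `/identity/conditionalAccess/policies`, treats MFA and device compliance as the controls legacy clients cannot satisfy, and ignores user and application scope and exclusions; the sample policies are constructed.

```python
import json

LEGACY = {"exchangeActiveSync", "other"}    # Graph clientAppTypes values for legacy auth
UNSATISFIABLE = {"mfa", "compliantDevice"}  # assumption: controls a legacy client cannot meet

# Constructed sample, shaped like GET /identity/conditionalAccess/policies output.
SAMPLE = json.loads("""[
  {"displayName": "Require MFA for all users", "state": "enabled",
   "conditions": {"clientAppTypes": ["all"]},
   "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
  {"displayName": "Require compliant device in browser", "state": "enabled",
   "conditions": {"clientAppTypes": ["browser"]},
   "grantControls": {"operator": "OR", "builtInControls": ["compliantDevice"]}},
  {"displayName": "Block legacy authentication",
   "state": "enabledForReportingButNotEnforced",
   "conditions": {"clientAppTypes": ["exchangeActiveSync", "other"]},
   "grantControls": {"operator": "OR", "builtInControls": ["block"]}}
]""")

def legacy_effect(policy):
    """Classify what one policy does to a legacy-auth sign-in (scope is not evaluated)."""
    if policy["state"] == "disabled":
        return "not-applied"
    types = set(policy["conditions"].get("clientAppTypes") or ["all"])
    if "all" not in types and not types & LEGACY:
        return "not-applied"                 # policy targets modern clients only
    grant = policy.get("grantControls") or {}
    controls = set(grant.get("builtInControls") or [])
    if "block" in controls:
        effect = "explicit-block"
    elif controls and (controls <= UNSATISFIABLE if grant.get("operator") == "OR"
                       else controls & UNSATISFIABLE):
        effect = "implicit-block"            # a required control cannot be satisfied
    else:
        effect = "no-block"
    # Report-only policies log the result but do not enforce it.
    return effect if policy["state"] == "enabled" else "report-only:" + effect

def audit(policies):
    """Map each policy name to its effect on legacy-auth sign-ins."""
    return {p["displayName"]: legacy_effect(p) for p in policies}

def has_enforced_explicit_block(policies):
    """True if at least one enabled policy blocks legacy auth outright."""
    return any(legacy_effect(p) == "explicit-block" for p in policies)

if __name__ == "__main__":
    for name, effect in audit(SAMPLE).items():
        print(f"{effect:28} {name}")
    print("dedicated block enforced:", has_enforced_explicit_block(SAMPLE))
```

In the sample, the MFA policy blocks legacy clients only as a side effect, and the dedicated block policy is still in report-only mode, so no explicit block is enforced yet.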
