Conditional Access Policy – Latest

Azure Conditional Access has been very effective for enforcing policies such as user MFA, device requirements, access control and so on.

Microsoft has published a recent update, described at the link below.

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-conditions

Essentially, it means that a Conditional Access policy will apply to legacy applications by default.

  1. If you must use legacy authentication, exclude those accounts from the policy. You can do this under Azure AD -> Security -> Conditional Access -> open an existing policy -> Users and groups -> Exclude.

(or)

  2. Configure CA only for modern applications. You can do this under Azure AD -> Security -> Conditional Access -> New policy (or open an existing policy) -> Conditions -> Client apps, and uncheck Legacy authentication.

Note: This recent announcement from Microsoft applies only to new CA policies; existing CA policies will continue to work as they are.

VJ
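
To check which of the two options above each policy in a tenant currently follows, the sketch below audits a policy export. It is an added example, not code from the original post or from Microsoft. It assumes the policies were exported as JSON from the Microsoft Graph `/identity/conditionalAccess/policies` endpoint; the sample policies, names and object ID are constructed.

```python
import json

# Graph clientAppTypes values that cover legacy authentication clients.
LEGACY_TYPES = {"all", "exchangeActiveSync", "other"}

# Constructed sample, shaped like GET /identity/conditionalAccess/policies output.
SAMPLE_EXPORT = json.loads("""
{"value": [
  {"displayName": "Require MFA - all users", "state": "enabled",
   "conditions": {"clientAppTypes": ["all"],
                  "users": {"includeUsers": ["All"], "excludeUsers": [], "excludeGroups": []}}},
  {"displayName": "Require MFA - modern apps only", "state": "enabled",
   "conditions": {"clientAppTypes": ["browser", "mobileAppsAndDesktopClients"],
                  "users": {"includeUsers": ["All"], "excludeUsers": [], "excludeGroups": []}}},
  {"displayName": "Require MFA - legacy accounts excluded", "state": "enabled",
   "conditions": {"clientAppTypes": ["all"],
                  "users": {"includeUsers": ["All"],
                            "excludeUsers": ["00000000-0000-0000-0000-000000000001"],
                            "excludeGroups": []}}},
  {"displayName": "Old draft", "state": "disabled",
   "conditions": {"clientAppTypes": [], "users": {"includeUsers": ["All"]}}}
]}
""")


def classify(policy):
    """Return 'legacy', 'modern-only' or 'unconfigured' for one policy."""
    types = set(policy.get("conditions", {}).get("clientAppTypes") or [])
    if not types:
        return "unconfigured"  # assumption: reported separately, not guessed
    return "legacy" if types & LEGACY_TYPES else "modern-only"


def audit(export):
    """List each policy with its state, legacy coverage and exclusions."""
    rows = []
    for p in export.get("value", []):
        users = p.get("conditions", {}).get("users") or {}
        excluded = (users.get("excludeUsers") or []) + (users.get("excludeGroups") or [])
        rows.append({"name": p.get("displayName"), "state": p.get("state"),
                     "coverage": classify(p), "excluded": excluded})
    return rows


if __name__ == "__main__":
    for row in audit(SAMPLE_EXPORT):
        print(f'{row["name"]:42} {row["state"]:9} {row["coverage"]:13} '
              f'excluded={len(row["excluded"])}')
```

Policies reported as `legacy` with a non-empty exclusion list correspond to option 1; policies reported as `modern-only` correspond to option 2.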

TLS version support changes to Office 365 services

I’m sure most admins have received an email from Microsoft saying:

Starting June 1, 2020, Office 365 will begin retiring TLS 1.0 and 1.1. This means that all connections to Office 365 using the protocols TLS 1.0 and TLS 1.1 will not work.

Some of my clients asked me how to find out whether they are even using TLS 1.0 on any of their systems. Here’s how you can check from the different tabs.

  1. Browse to Security and Compliance (https://protection.office.com/homepage) and select ‘+ View Details’ on ‘Outbound and Inbound mail flow’.

  2. Click “Outbound and Inbound mail flow”. This shows a summary of incoming and outgoing email.

  3. Click “Connector Report” to see which connector is sending on which version of TLS.

  4. Click ‘View details pane’ and then ‘Request report’ (for a detailed report), directed to an internal user. This will show you the actual emails and the TLS version.