Azure AD Conditional Access Policies: Filtering Legacy Authentication Attempts

Preventing Legacy Authentication in Azure AD

Question

You have an Azure Active Directory (Azure AD) tenant named contoso.com.

All users who run applications registered in Azure AD are subject to conditional access policies.

You need to prevent the users from using legacy authentication.

What should you include in the conditional access policies to filter out legacy authentication attempts?

Answers

C.

Explanations

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/block-legacy-authentication

To prevent users from using legacy authentication, the Conditional Access policy needs a client apps condition that targets the legacy client types (Exchange ActiveSync clients and Other clients), combined with the Block access grant control. That is option C.

Legacy authentication refers to sign-in requests from clients that do not use modern authentication (OAuth 2.0 and OpenID Connect) and instead send the user's credentials with every request, typically as HTTP Basic Authentication. In Azure AD this covers Exchange ActiveSync clients and the "Other clients" category: POP3, IMAP4, authenticated SMTP, MAPI over HTTP, Outlook Anywhere (RPC over HTTP), Exchange Web Services, Exchange Online PowerShell with basic authentication, and older Office clients such as Office 2010. Because these protocols cannot carry a multifactor authentication (MFA) challenge or other interactive controls, they are the usual target of password spray and credential-stuffing attacks, which is why blocking them is a priority.

Conditional Access in Azure AD is a policy-based evaluation engine that applies contextual controls when a sign-in is evaluated. A policy combines assignments (users and groups, cloud apps, and conditions such as device platform, location, sign-in risk and client app) with access controls (grant or block, plus session controls). Policies are enforced after first-factor authentication has succeeded, so Conditional Access is an enforcement point for organizational requirements, not a substitute for strong credentials.

The client apps condition selects which client types a policy applies to: Browser, Mobile apps and desktop clients, Exchange ActiveSync clients, and Other clients. The last two are the legacy authentication clients. A policy that targets all users and all cloud apps, sets the client apps condition to Exchange ActiveSync clients and Other clients, and uses the Block access grant control prevents those clients from authenticating to Azure AD resources. Two practical caveats: exclude an emergency-access (break-glass) account so that a misconfigured policy cannot lock every administrator out, and deploy the policy in report-only mode first, then review the sign-in logs (Client app column) to find users and service accounts that still depend on legacy protocols before switching the policy to On.

Therefore, the correct answer is option C: a client apps condition.
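The following is an added example, not code from the original page or from Microsoft. It builds the Microsoft Graph `conditionalAccessPolicy` body for the policy described above (client apps condition set to the legacy types, Block access grant control, report-only state) and previews it against constructed sign-in log records, using the `clientAppUsed` field as it appears in Azure AD sign-in logs, so you can see which sign-ins the policy would block before enabling it. The user object IDs, user principal names and sign-in records are constructed placeholders.

```python
# Added example: Graph policy body that blocks legacy authentication plus a
# report-only style preview over constructed sign-in records.
import json

# clientAppTypes values that represent legacy authentication
# ("Exchange ActiveSync clients" and "Other clients" in the portal).
LEGACY_CLIENT_APP_TYPES = ["exchangeActiveSync", "other"]

# Constructed object ID of an emergency-access (break-glass) account.
BREAK_GLASS_USER_ID = "11111111-1111-1111-1111-111111111111"


def client_app_type(client_app_used: str) -> str:
    """Map the clientAppUsed value of a sign-in log entry to the
    clientAppTypes value the Conditional Access condition evaluates."""
    if client_app_used == "Browser":
        return "browser"
    if client_app_used == "Mobile Apps and Desktop clients":
        return "mobileAppsAndDesktopClients"
    if client_app_used == "Exchange ActiveSync":
        return "exchangeActiveSync"
    # IMAP4, POP3, Authenticated SMTP, MAPI Over HTTP, Exchange Online
    # PowerShell, "Other clients" and the rest fall under "other".
    return "other"


def block_legacy_auth_policy(exclude_users=(BREAK_GLASS_USER_ID,),
                             report_only=True) -> dict:
    """Body for POST /identity/conditionalAccess/policies.
    excludeUsers takes user object IDs, not UPNs."""
    return {
        "displayName": "Block legacy authentication",
        # Start in report-only mode; switch to "enabled" once the sign-in
        # logs show no remaining dependency on legacy protocols.
        "state": "enabledForReportingButNotEnforced" if report_only else "enabled",
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": list(exclude_users)},
            "applications": {"includeApplications": ["All"]},
            "clientAppTypes": list(LEGACY_CLIENT_APP_TYPES),
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }


def would_block(policy: dict, sign_in: dict) -> bool:
    """Apply the policy's user scope, client apps condition and grant
    control to one sign-in record (all cloud apps are in scope here)."""
    cond = policy["conditions"]
    if sign_in["userId"] in cond["users"].get("excludeUsers", []):
        return False
    if client_app_type(sign_in["clientAppUsed"]) not in cond["clientAppTypes"]:
        return False
    return "block" in policy["grantControls"]["builtInControls"]


# Constructed sign-in log records (a subset of the Graph signIn resource).
SAMPLE_SIGN_INS = [
    {"userId": "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", "userPrincipalName": "alice@contoso.com",
     "clientAppUsed": "Browser"},
    {"userId": "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb", "userPrincipalName": "bob@contoso.com",
     "clientAppUsed": "IMAP4"},
    {"userId": "cccccccc-cccc-cccc-cccc-cccccccccccc", "userPrincipalName": "carol@contoso.com",
     "clientAppUsed": "Exchange ActiveSync"},
    {"userId": "dddddddd-dddd-dddd-dddd-dddddddddddd", "userPrincipalName": "dave@contoso.com",
     "clientAppUsed": "Mobile Apps and Desktop clients"},
    {"userId": BREAK_GLASS_USER_ID, "userPrincipalName": "breakglass@contoso.com",
     "clientAppUsed": "Authenticated SMTP"},
]


def preview(policy: dict, sign_ins) -> dict:
    """Return {userPrincipalName: would_block} for the given records."""
    return {s["userPrincipalName"]: would_block(policy, s) for s in sign_ins}


if __name__ == "__main__":
    policy = block_legacy_auth_policy()
    print(json.dumps(policy, indent=2))
    for upn, blocked in preview(policy, SAMPLE_SIGN_INS).items():
        print(f"{upn:26} {'BLOCK' if blocked else 'allow'}")
```

The body is what you would send to `https://graph.microsoft.com/v1.0/identity/conditionalAccess/policies` with the `Policy.ReadWrite.ConditionalAccess` permission. In the preview, alice (browser) and dave (modern desktop client) are untouched, bob (IMAP4) and carol (Exchange ActiveSync) would be blocked, and the break-glass account is allowed only because it is excluded; remove the exclusion and its SMTP AUTH sign-in is blocked too.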