An Azure AD Conditional Access Policy for Guests that blocks legacy authentication clients.
Suggested name:
CA4{XX}-Guests-IdentityProtection-AllApps-AnyLegacyAuthClient-Block
Assignments
Users
| Users and groups |
|
| Include users |
All guest and external users |
Cloud apps or actions
| Cloud apps |
|
| Include |
All cloud apps |
Conditions
| Legacy authentication clients |
|
| Include |
Exchange ActiveSync clients |
| Include |
Other clients |
Access controls
| Block Access |
| No additional control selection |
References
https://learn.microsoft.com/en-us/azure/architecture/guide/security/conditional-access-architecture
https://learn.microsoft.com/en-us/azure/architecture/guide/security/conditional-access-framework
https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/concept-conditional-access-policy-common