Specify a client to allow or deny it access to Office 365. Exchange ActiveSync or Legacy Auth client do not support multifactor authentication. See Microsoft documentation: Enable or disable modern authentication in Exchange Online and Office 365: Enable Modern Authentication.Įxchange ActiveSync/ Legacy AuthenticationĪpplies the rule to native mail clients on iOS or Android devices, as well as older desktop clients on macOS and MS Windows that do not support Modern Authentication. Modern Authentication is a configurable setting on an Office 365 tenant for Exchange Online. This includes Office 20 clients with required patches or configuration updates, as detailed in this Microsoft Support documentation: Updated Office 365 modern authentication. You can choose from the following options: OptionĪpplies the rule to web browsers such as Chrome, Safari, or Internet Explorer.Īpplies the rule to thick client applications configured to leverage Modern Authentication. The Client Type section determines to which clients the sign on rule will apply.
You may require that MFA is always enforced when users are not coming from one of these known networks. For example, you may have corporate offices configured as a network location in Okta. You may make MFA a consistent requirement from this location.Īpplies this rule to anyone NOT coming from a specific location or IP range. For example, a branch office in a location with unreliable security. You can choose from the following options: OptionĪpplies the rule to all users regardless of where the access is originatingĪpplies the rule to users coming from a specific location or IP range. Also consider the impact of network zones when restricting access. If you are applying the rule to specific zones, you first need to set up Network Zone in Okta. This section determines to which location the sign on rule will apply. You want to slowly phase the sign-on rules in to an existing app.You want to enable exceptions for the app access.
Consider scoping the rule to groups or a subset of users if:
0 kommentar(er)
