Configuring Azure Conditional Access (Optional)
Azure Conditional Access validates the user, device, location, and risk level before granting or denying access. The Email+ app has migrated from the Azure Active Directory Authentication Library (ADAL) to the Microsoft Authentication Library (MSAL) to support Azure Conditional Access.
Optionally, configure Azure Conditional Access to restrict non-compliant devices and unmanaged Microsoft 365 accounts.
Creating a new Conditional Access policy
The following procedure describes how to create a new policy using the Azure admin portal:
Procedure
- In the Azure admin portal, log in as an administrator.
- Go to Security > Protect > Conditional Access.
- In the Conditional Access settings, click Create new policy.
- In the New Conditional Access Policy page, update the following fields to create a new policy:
Name: Enter the name of the policy.
Assignments: Controls access based on whom the policy applies to, such as users and groups, workload identities, directory roles, or external guests. Under Users, select:
  - Include
  - Exclude
Target resources: Select Email+Auth.
Conditions: Select device platforms:
  - Android
  - iOS
Access controls: Grant controls whether access is blocked or granted. Under the Grant section, select the following as required:
  - Grant access: select Require device to be marked as compliant.
Enable Policy: Toggle and select one of the following options:
  - Report-only: Policies in Report-only mode requiring compliant devices may prompt users on macOS, iOS, Android, and Linux to select a device certificate.
  - On
  - Off
- Click Create to save the policy.
Editing a Conditional Access policy
The following procedure describes how to edit an existing policy to configure Azure Conditional Access for Email+Auth:
Procedure
- In the Azure admin portal, log in as an administrator.
- Go to Security > Protect > Conditional Access > Policies.
- Select and edit the policy, and update the following:
  - Add the Email+Auth application as a target resource.
  - Go to Access Controls > Grant and select the Require device to be marked as compliant option.
The Email+ application is now set up for Azure Conditional Access to support compliant devices.
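Both procedures above (creating a policy and editing an existing one) come down to the same handful of settings: the Email+Auth app as a target resource, the Android and iOS platforms, a grant control that requires a compliant device, and the policy switched to On rather than Report-only. The following Python is an added example, not part of this documentation or the Email+ product. It expresses those portal fields as the Microsoft Graph conditionalAccessPolicy request body and then audits a policy object (for example one exported from Graph) to confirm it actually enforces compliant-device access. The Email+Auth application (client) ID is a placeholder, since the page does not give it; the sample policies are constructed inline.

```python
"""Build and audit an Azure Conditional Access policy for Email+Auth.

Added example; not the Email+ documentation's or product's own code.
Uses the Microsoft Graph conditionalAccessPolicy schema.
"""
import json

# Placeholder (assumption): the application (client) ID of Email+Auth in your tenant.
EMAIL_PLUS_AUTH_APP_ID = "00000000-0000-0000-0000-000000000000"

# Graph "state" values behind the portal's Enable Policy toggle.
STATE_BY_TOGGLE = {
    "On": "enabled",
    "Off": "disabled",
    "Report-only": "enabledForReportingButNotEnforced",
}


def build_policy(name, include_users, exclude_users=(), toggle="On",
                 app_id=EMAIL_PLUS_AUTH_APP_ID):
    """Return the Graph request body equivalent to the portal fields:
    Name, Assignments (Users include/exclude), Target resources (Email+Auth),
    Conditions (Android, iOS), Grant (compliant device), Enable Policy."""
    return {
        "displayName": name,
        "state": STATE_BY_TOGGLE[toggle],
        "conditions": {
            "users": {
                "includeUsers": list(include_users),
                "excludeUsers": list(exclude_users),
            },
            "applications": {"includeApplications": [app_id]},
            "platforms": {"includePlatforms": ["android", "iOS"]},
        },
        "grantControls": {
            "operator": "OR",
            "builtInControls": ["compliantDevice"],
        },
    }


def audit_policy(policy, app_id=EMAIL_PLUS_AUTH_APP_ID):
    """Return a list of findings describing why the policy does NOT enforce
    compliant-device access for Email+Auth on Android and iOS.
    An empty list means the policy matches the procedure above."""
    findings = []
    conds = policy.get("conditions", {})

    apps = conds.get("applications", {}).get("includeApplications", [])
    if app_id not in apps and "All" not in apps:
        findings.append("Email+Auth is not a target resource")

    platforms = conds.get("platforms", {}).get("includePlatforms", [])
    for platform in ("android", "iOS"):
        if platform not in platforms and "all" not in platforms:
            findings.append(f"platform {platform} not included")

    controls = policy.get("grantControls") or {}
    if "compliantDevice" not in controls.get("builtInControls", []):
        findings.append("grant does not require a compliant device")

    # Report-only logs what would happen but never blocks a sign-in.
    state = policy.get("state")
    if state == "enabledForReportingButNotEnforced":
        findings.append("policy is in Report-only mode and is not enforced")
    elif state != "enabled":
        findings.append(f"policy state is {state!r}, not enabled")

    if not conds.get("users", {}).get("includeUsers"):
        findings.append("no users are included in the assignment")
    return findings


if __name__ == "__main__":
    policy = build_policy("Email+ require compliant device", ["All"])
    print(json.dumps(policy, indent=2))
    print("enforcing policy findings:", audit_policy(policy))
    report_only = build_policy("Email+ pilot", ["All"], toggle="Report-only")
    print("report-only findings:", audit_policy(report_only))
```

Run `audit_policy` against the JSON returned by `GET /identity/conditionalAccess/policies` after either procedure; a non-empty list tells you which portal field still differs from the target state, and a policy left in Report-only is reported as not enforced rather than silently passing.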