Configuring Azure Conditional Access (Optional)

The Azure Conditional Access validates user, device, location, and risk level before granting or denying access. The Email+ app is migrated from Azure Active Directory Authentication Library (ADAL) to Microsoft Authentication Library (MSAL) to support Azure Conditional Access.

Optionally, configure Azure Conditional Access to restrict non compliant devices and unmanaged Microsoft 365 accounts.

Creating a new Conditional Access policy

The following procedure describes how to create a new policy using Azure admin portal:

Procedure 

1. In the Azure admin portal, login as admin.

2. Go to Security > Protect > Conditional Access.

3. In Conditional Access settings, click Create new policy to create a new policy.

4. In New Conditional Access Policy page, update the following fields to create a new policy:
   

   Fields	Option
   Name	Enter name of the policy.
   Assignments	Controls the access based on who the policy will be applied to, such as users and groups, workload identities, directory roles or external guests, and so on. Under Users select: Include Exclude
   Target resources	Select Email+Auth
   Conditions	Select device platforms : Android iOS
   Access controls	Grant: Controls access enforcement to block or grant access. Under Grant section, select the following as required: Grant access: Select require device to be marked as compliant.
   Enable Policy	Toggle and select from the following options: Report-only: Policies in Report-only more requiring compliant devices may prompt users on macOS, iOS, Android, and Linux to select a device certificate On Off

5. Click Create to save the policy.
   

Editing a Conditional Access policy

The following procedure describes how to edit the existing policy to configure Azure Conditional Access using the Email+Auth:

Procedure 

1. In the Azure admin portal, login as admin.

2. Go to Security > Protect > Conditional Access > Policies.

3. Select and edit the policy, and update the following:

   1. Add Email+ Auth application as a target resource.

   2. Go to Access Controls > Grant and select the Require device to be marked as compliant option.

The Email+ application is now set up for Azure Conditional Access to support complaint devices.