In this post I will explain how to use Conditional Access to report on the applications that still connect using basic authentication or legacy protocols. I recommend reading post 1 of this series first: Basic Authentication Microsoft 365 Apps for Enterprise | Office 365 | Azure AD.
Conditional Access brings signals together to make decisions and enforce organizational policies. Microsoft recently extended it with a report-only mode, so a policy can be evaluated at sign-in without being enforced.
The easiest way to monitor the impact of blocking legacy authentication without disrupting users is Conditional Access report-only mode. Policies in report-only mode are evaluated at every sign-in, but the grant controls are not enforced, so you can see who is using legacy authentication in real time without blocking anyone. Let me show you how to create a Conditional Access policy in report-only mode.
How to Create a Conditional Access Policy in Reporting Mode
Log in to the Azure AD portal at https://aad.portal.azure.com/ and, under the Manage section, select Security. This takes you to the page where Conditional Access policies are created. Conditional Access can also be reached from the Microsoft Endpoint Manager admin center at https://endpoint.microsoft.com/.
Under Protect, select Conditional Access. There are some predefined policy templates; ignore those and create a new one by clicking New policy.
Provide a name for the policy so you can identify it later, select the users or groups to include (or All users), and select the cloud apps; in this case I selected All cloud apps. Under Conditions, open Client apps and select:
- Mobile apps and desktop clients
- Exchange ActiveSync clients and Other clients (the legacy authentication clients; leave Browser and Modern authentication clients unselected, otherwise the policy also matches modern clients)
Make sure Enable policy is set to Report-only. The policy will then record which sign-ins use basic authentication without blocking them. Click Create to create the Conditional Access policy.
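The same policy can be created from the command line instead of clicking through the portal. The following is an added example using the Microsoft Graph PowerShell SDK; it is not code from the original post. It assumes the Microsoft.Graph module is installed, that the policy display name is yours to choose, and that the account used can consent to the two listed scopes. The client app types map to the portal choices above (exchangeActiveSync and other only), and the state value is what the portal calls Report-only.

```powershell
# Added example (not from the original post): create the report-only legacy
# authentication policy with the Microsoft Graph PowerShell SDK.
# Assumptions: Microsoft.Graph module installed; display name chosen by you.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Application.Read.All"

$policy = @{
    displayName = "Report-only: legacy authentication"     # assumed name
    # Report-only: evaluated on every sign-in, grant controls never enforced
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users        = @{
            includeUsers = @("All")
            # excludeUsers = @("<break-glass account objectId>")  # add before enabling
        }
        applications = @{ includeApplications = @("All") }
        # Only the legacy client types; browser and modern clients are left out
        clientAppTypes = @("exchangeActiveSync", "other")
    }
    # The control that would apply once the policy is switched from report-only to On
    grantControls = @{ operator = "OR"; builtInControls = @("block") }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State

# Sanity check before trusting the report: confirm the policy really is report-only,
# so nobody is blocked while you are still collecting data.
$check = Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id
if ($check.State -ne "enabledForReportingButNotEnforced") {
    throw "Policy $($check.DisplayName) is not in report-only mode (state: $($check.State))"
}
```

Keep the policy in this state until the report in the next section shows no sign-ins that would have failed; only then change `state` to `enabled`, and add a break-glass account to `excludeUsers` before doing so.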
To determine how many users would be blocked by the policy, use the Conditional Access Insights and Reporting workbook in Azure AD. The workbook reads sign-in logs from a Log Analytics workspace, so Azure AD sign-in logs must first be streamed to a workspace through Diagnostic settings. Select the policy you created and the workbook lists the affected users and applications.
How to Fetch the report using Conditional Access Insights
Log in to the Azure AD portal at https://aad.portal.azure.com/ and, under the Monitoring section, select Workbooks, then Conditional Access Insights and Reporting.
This opens the report for the Conditional Access policies in the tenant. Select the policy we created, a time range (from the last 24 hours up to 90 days, as required) and any other filters. The workbook shows the report-only result of each sign-in the policy matched, and breaks the sign-ins down by device state (Azure AD registered / Azure AD joined / Hybrid Azure AD joined), device platform and client app.
Report Using Sign-In Logs in Workbook and using Azure Log Analytics
A similar report is available from the Sign-ins workbook: in Azure AD, navigate to Workbooks and select Sign-ins. This workbook also reads from Log Analytics, so the sign-in logs must already be streamed to a workspace (Diagnostic settings) before it shows any data; if the workbook gallery is empty, that streaming has not been set up yet.
Here you will see which client apps are being used in your organization.
You can get the same report from Azure Log Analytics by writing a query in Kusto Query Language (KQL). Create a new query under Logs in Azure Monitor; the query below counts sign-ins per client app (the legacy values are everything other than "Browser" and "Mobile Apps and Desktop clients"). Note that the table is called SigninLogs:
SigninLogs | project UserDisplayName, ClientAppUsed | summarize count() by ClientAppUsed
Run the query to fetch the report; you can adjust the query to your requirements.
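The count per client app above tells you which protocols are in use, but not who would be blocked. The following added example (not code from the original post) runs a fuller KQL query against the Log Analytics workspace from PowerShell with the Az.OperationalInsights module: it keeps only legacy client apps, expands the per-policy results that the Insights workbook relies on, and groups by user, application and report-only result. The workspace ID and the policy display name are assumptions; replace them with your own.

```powershell
# Added example (not from the original post): query the Log Analytics workspace
# that receives Azure AD sign-in logs for legacy-auth sign-ins and what the
# report-only policy would have done with them.
# Assumptions: Az.OperationalInsights installed; workspace ID and policy name are yours.
$workspaceId = "00000000-0000-0000-0000-000000000000"   # assumption: your workspace ID
$policyName  = "Report-only: legacy authentication"     # assumption: your policy's display name

# Double-quoted here-string so $policyName is expanded into the KQL text.
$query = @"
SigninLogs
| where TimeGenerated > ago(30d)
// Anything that is not a browser or a modern desktop/mobile client is a legacy protocol
| where ClientAppUsed !in ("Browser", "Mobile Apps and Desktop clients")
// ConditionalAccessPolicies is an array with one entry per policy evaluated
| mv-expand Policy = ConditionalAccessPolicies
| where tostring(Policy.displayName) == "$policyName"
// reportOnlyFailure = would have been blocked once the policy is enabled
| extend PolicyResult = tostring(Policy.result)
| summarize SignIns = count(), LastSeen = max(TimeGenerated)
    by UserPrincipalName, AppDisplayName, ClientAppUsed, PolicyResult
| order by SignIns desc
"@

Connect-AzAccount | Out-Null
$response = Invoke-AzOperationalInsightsQuery -WorkspaceId $workspaceId -Query $query

# Rows with PolicyResult = reportOnlyFailure are the users and apps to migrate first
$response.Results |
    Format-Table UserPrincipalName, AppDisplayName, ClientAppUsed, PolicyResult, SignIns, LastSeen
```

The `ClientAppUsed` filter is the same one the Sign-ins workbook applies; if you only want a specific protocol, replace it with an explicit match such as `ClientAppUsed == "Exchange ActiveSync"`. Sign-ins that show `reportOnlyNotApplied` matched the client app filter but fell outside the policy's user or application scope, which is a useful check that the scope you configured is the one you intended.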