Hey folks, hopefully at this point you have started or are starting to tackle the legacy authentication in your environment. A customer I work with disabled it for 80% of their environment and had 0 help desk calls because of how they did it. A quick Friday thread 1/
First they wanted to see what they had. They used the Legacy Auth report we have in Azure AD workbooks. One of the many excellent workbooks there. https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/howto-use-azure-monitor-workbooks#sign-ins-using-legacy-authentication Anyone using Legacy today got put in the exclusion group to start with. 2/
Then they created the CA policy following https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/block-legacy-authentication. But they put it in Report Only Mode. https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-insights-reporting And let it sit for 2-3 months. They wanted a quarter of data to feel good. Anyone that would have gotten blocked went into that exception group. 3/
After that time elapsed they felt good about it. They changed the CA policy from Report-Only to On. That's it. Really that's all they did. 80% weren't using it today and they didn't know the difference. The 20% are excluded while they work through moving to modern auth. 4/
They put an Access Review on the exclusion group to help track the progress https://docs.microsoft.com/en-us/azure/active-directory/governance/conditional-access-exclusion. They are just tackling it protocol by protocol and business unit by business unit. They have a target date set. And just marching towards it. That simple 5/.
So if you haven't started on this today, start collecting that data. You can do this. They literally just followed those few docs. No broken apps and help desk calls from users. And don't worry about trying to do all of it at once. Some is better than none! Chop away at it. 6/.
If you follow this same method send a thank you to @Daniel_E_Wood and @Caleb_B. Awesome work by them, the dev team and many others made it a non-event. Start working on this TODAY! /fin.
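An added example, not part of the original thread or the customer's tooling: one way to build the exclusion-group list from steps 2/ and 3/ out of exported sign-in records. It assumes records shaped like Microsoft Graph `signIn` objects, a hypothetical policy display name, and that any `clientAppUsed` value other than the two modern ones counts as legacy; the sample records are constructed.

```python
from collections import defaultdict

# Assumption: any clientAppUsed value other than these two is legacy auth.
MODERN_CLIENTS = {"Browser", "Mobile Apps and Desktop clients"}
POLICY_NAME = "Block legacy authentication"  # assumed policy display name


def _rec(upn, client, result):
    """Build one constructed sign-in record in Graph signIn field layout."""
    return {
        "userPrincipalName": upn,
        "clientAppUsed": client,
        "appliedConditionalAccessPolicies": [
            {"displayName": POLICY_NAME, "result": result}
        ],
    }


# Constructed sample data, not taken from any real tenant.
SAMPLE_SIGNINS = [
    _rec("alice@contoso.example", "Browser", "reportOnlyNotApplied"),
    _rec("bob@contoso.example", "IMAP4", "reportOnlyFailure"),
    _rec("bob@contoso.example", "POP3", "reportOnlyFailure"),
    _rec("carol@contoso.example", "Exchange ActiveSync", "reportOnlyNotApplied"),
    _rec("dave@contoso.example", "Mobile Apps and Desktop clients", "reportOnlyNotApplied"),
    _rec("erin@contoso.example", "", "reportOnlyFailure"),
]


def exclusion_candidates(signins, policy_name=POLICY_NAME):
    """Map each affected user to the sorted legacy protocols they signed in with."""
    hits = defaultdict(set)
    for s in signins:
        client = s.get("clientAppUsed") or ""
        # Step 2/: the user is on a legacy protocol today.
        legacy = bool(client) and client not in MODERN_CLIENTS
        # Step 3/: the report-only policy says this sign-in would be blocked.
        would_block = any(
            p.get("displayName") == policy_name and p.get("result") == "reportOnlyFailure"
            for p in s.get("appliedConditionalAccessPolicies") or []
        )
        if legacy or would_block:
            hits[s["userPrincipalName"]].add(client or "unknown")
    return {upn: sorted(protos) for upn, protos in sorted(hits.items())}


if __name__ == "__main__":
    for upn, protos in exclusion_candidates(SAMPLE_SIGNINS).items():
        print(f"{upn}: {', '.join(protos)}")
```

The per-user protocol list is what lets the exclusion group be worked down protocol by protocol, and a user already excluded (carol, `reportOnlyNotApplied`) is still caught by the legacy-client check.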