Conditional Access in Outlook on the web for Exchange Online

Step-1

Connect to Exchange Online using PowerShell. This script is for MFA-enabled admin users.

# Import the module. This requires that you are an administrator and are allowed to run the script.

Import-Module $((Get-ChildItem -Path $($env:LOCALAPPDATA+"\Apps\2.0\") -Filter CreateExoPSSession.ps1 -Recurse).FullName | Select-Object -Last 1)

# Connect, specifying the username. If you have already authenticated to another module, you do not have to authenticate again.

Connect-EXOPSSession -UserPrincipalName Khalid@Microtechx.io

# This makes sure that when you need to reauthenticate after 1 hour, the existing token is used and you don't have to enter your password again.

$global:UserPrincipalName="Khalid@Microtechx.io"

Step-2

Check your organization-wide OWA mailbox policy.

Get-OwaMailboxPolicy

The output looks like this; by default it is off.

ConditionalAccessPolicy                             : Off

ConditionalAccessFeatures                           : {}

Step-3

Now check your OwaMailboxPolicy identity.

Get-OwaMailboxPolicy | Select Identity

 

Identity
--------
OwaMailboxPolicy-Default

Step-4

Now configure the OWA mailbox policy with Conditional Access in read-only mode.

Set-OwaMailboxPolicy -Identity OwaMailboxPolicy-Default -ConditionalAccessPolicy ReadOnly

This is the output after the configuration.

ConditionalAccessPolicy                             : ReadOnly

ConditionalAccessFeatures                           : {Offline, AttachmentDirectFileAccessOnPrivateComputersEnabled, AttachmentDirectFileAccessOnPublicComputersEnabled, AttachmentPrintWithoutDownload}
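Step-4 changes only OwaMailboxPolicy-Default, so mailboxes assigned to any other OWA mailbox policy keep whatever that policy has set. The check below is an added example, not part of the original post: it lists mailboxes whose effective policy is not in a restricted mode. The function name and the sample objects are hypothetical, and it assumes that a mailbox with no explicit policy uses the default one.

```powershell
# Added example: function name is illustrative, sample data is constructed.
function Get-OwaConditionalAccessGap {
    param(
        [Parameter(Mandatory)] [object[]] $Policy,    # objects from Get-OwaMailboxPolicy
        [Parameter(Mandatory)] [object[]] $Mailbox    # objects from Get-CASMailbox
    )
    # Modes that restrict OWA sessions; anything else (for example Off) is a gap.
    $restricted = 'ReadOnly', 'ReadOnlyPlusAttachmentsBlocked'
    $byName = @{}
    foreach ($p in $Policy) { $byName[[string]$p.Name] = $p }
    $default = $Policy | Where-Object { $_.IsDefault } | Select-Object -First 1

    foreach ($m in $Mailbox) {
        $assigned = [string]$m.OwaMailboxPolicy
        # Assumption: a mailbox with no explicit policy uses the default policy.
        $effective  = if ($assigned) { $byName[$assigned] } else { $default }
        $policyName = if ($effective) { [string]$effective.Name } else { "<unknown: $assigned>" }
        $mode       = if ($effective) { [string]$effective.ConditionalAccessPolicy } else { 'Unknown' }
        if ($restricted -notcontains $mode) {
            [pscustomobject]@{ Mailbox = $m.Name; Policy = $policyName; ConditionalAccessPolicy = $mode }
        }
    }
}

if (Get-Command Get-OwaMailboxPolicy -ErrorAction SilentlyContinue) {
    # Live data from the session opened in Step-1.
    $policies  = @(Get-OwaMailboxPolicy)
    $mailboxes = @(Get-CASMailbox -ResultSize Unlimited)
} else {
    # Constructed sample so the logic can be tried without a tenant.
    $policies = @(
        [pscustomobject]@{ Name = 'OwaMailboxPolicy-Default'; IsDefault = $true;  ConditionalAccessPolicy = 'ReadOnly' }
        [pscustomobject]@{ Name = 'Contractors';              IsDefault = $false; ConditionalAccessPolicy = 'Off' }
    )
    $mailboxes = @(
        [pscustomobject]@{ Name = 'user-a'; OwaMailboxPolicy = 'OwaMailboxPolicy-Default' }
        [pscustomobject]@{ Name = 'user-b'; OwaMailboxPolicy = 'Contractors' }
        [pscustomobject]@{ Name = 'user-c'; OwaMailboxPolicy = '' }
        [pscustomobject]@{ Name = 'user-d'; OwaMailboxPolicy = 'Retired-Policy' }
    )
}

Get-OwaConditionalAccessGap -Policy $policies -Mailbox $mailboxes |
    Sort-Object Policy, Mailbox | Format-Table -AutoSize
```

With the constructed sample, user-b (policy Off) and user-d (assigned policy not found) are reported; user-a and user-c are covered by the ReadOnly default policy.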

Now configure the Conditional Access policy in Azure AD. (Azure AD Premium P1 is needed for Conditional Access.)
