Which condition should you add to CAPolicy1?

You have a Microsoft 365 E5 subscription that contains a user named User! and a web app named Appl.

App1 must only accept modern authentication requests.

You plan to create a Conditional Access policy named CAPolicy1 that will have the following settings:

• Assignments

° Users or workload identities: User1

° Cloud apps or actions: App1

• Access controls

° Grant: Block access

You need to block only legacy authentication requests to Appl.

Which condition should you add to CAPolicy1?
A . Filter for devices
B . Device platforms
C . User risk
D . Sign-in risk
E . Client apps

View Answer

Answer: E

Explanation:

you can use the client apps condition to block legacy authentication requests to App11. Legacy authentication is a term that refers to authentication protocols that do not support modern authentication features such as multi-factor authentication or conditional access2. Examples of legacy authentication protocols include Basic Authentication, Digest Authentication, NTLM, and Kerberos2. To block legacy authentication requests, you need to configure the client apps condition to include Other clients, which covers any client that uses legacy authentication protocols13.

Reference: 1: Conditional Access: Block legacy authentication | Microsoft Learn https://learn.microsoft.com/en-us/mem/identity-protection/conditional-access/block-legacy-authentication 2: What is legacy authentication? | Microsoft Learn https://learn.microsoft.com/en-us/mem/identity-protection/conditional-access/legacy-authentication 3: Client apps condition in Azure Active Directory Conditional Access | Microsoft Learn https://learn.microsoft.com/en-us/mem/identity-protection/conditional-access/client-apps-condition