Conditional Access uses rules to secure users and applications at sign-in to Azure AD. New features are released regularly, and some are still in preview. One of these features is Report-only, a very powerful way to get started with Conditional Access in an existing environment. Instead of creating rules that block traffic, you can now log incoming traffic and handle the affected users before activating a hard block of services.

In this step we configure a rule that simulates blocking all legacy authentication traffic to Office 365 apps.

When Conditional Access Report-only is enabled, you can see the results in the Azure Active Directory sign-in logs. Sign in to https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/SignIns and choose Report-only (Preview).

Report-only tab in Azure AD sign-in log

With this feature you can monitor your current situation and find out how many users really use the old protocol to connect. In the next part we will cover how to configure logs to be sent to an Azure Monitor Log Analytics workspace.
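One way to answer that question from an export of the sign-in log, as an added example that is not part of the original post: the script lists the users whose sign-ins the Report-only rule would have blocked, and the client apps they used. The field names follow the Microsoft Graph signIn resource; the policy name and the sample records are constructed assumptions.

```python
import json
from collections import defaultdict

POLICY = "Report-only: block legacy auth"  # hypothetical rule name (assumption)

# Constructed sample records, shaped like entries exported from the sign-in log.
SAMPLE_SIGNINS = json.loads("""
[
 {"userPrincipalName": "anna@contoso.example", "clientAppUsed": "IMAP4",
  "appliedConditionalAccessPolicies": [
   {"displayName": "Report-only: block legacy auth", "result": "reportOnlyFailure"}]},
 {"userPrincipalName": "Anna@contoso.example", "clientAppUsed": "POP3",
  "appliedConditionalAccessPolicies": [
   {"displayName": "Report-only: block legacy auth", "result": "reportOnlyFailure"}]},
 {"userPrincipalName": "bob@contoso.example", "clientAppUsed": "Exchange ActiveSync",
  "appliedConditionalAccessPolicies": [
   {"displayName": "Report-only: block legacy auth", "result": "reportOnlyFailure"},
   {"displayName": "Require MFA", "result": "success"}]},
 {"userPrincipalName": "carl@contoso.example", "clientAppUsed": "Browser",
  "appliedConditionalAccessPolicies": [
   {"displayName": "Report-only: block legacy auth", "result": "reportOnlyNotApplied"},
   {"displayName": "Report-only: other rule", "result": "reportOnlyFailure"}]},
 {"userPrincipalName": "dana@contoso.example",
  "clientAppUsed": "Mobile Apps and Desktop clients",
  "appliedConditionalAccessPolicies": []}
]
""")

def would_be_blocked(signins, policy_name):
    """Return {user: [client apps]} for sign-ins the rule would have blocked.

    For a rule whose grant control is "block", the result "reportOnlyFailure"
    means the conditions matched and the sign-in would have been denied.
    """
    hits = defaultdict(set)
    for record in signins:
        for policy in record.get("appliedConditionalAccessPolicies") or []:
            if (policy.get("displayName") == policy_name
                    and policy.get("result") == "reportOnlyFailure"):
                # UPNs are case-insensitive, so normalise before counting users.
                user = record["userPrincipalName"].lower()
                hits[user].add(record.get("clientAppUsed") or "unknown")
    return {user: sorted(apps) for user, apps in sorted(hits.items())}

if __name__ == "__main__":
    affected = would_be_blocked(SAMPLE_SIGNINS, POLICY)
    print(f"{len(affected)} user(s) still use legacy authentication")
    for user, apps in affected.items():
        print(f"  {user}: {', '.join(apps)}")
```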

Part 2: https://cloudtech.nu/2020/01/23/part-2-conditional-access-azure-monitor-log-analytics-workspace/
Part 3: https://cloudtech.nu/2020/01/26/part-3-conditional-access-block-legacy-authentication/