Office 365 default sign on rules

The Office 365 app in Okta has two default sign on rules. This set of rules is unique to the Office 365 app and ensures that only the more secure clients can access the Office 365 apps. The set contains the following two rules:

Allow Web and Modern Auth

This rule is set to priority 1 by default. It allows only web browsers and apps that support Modern Authentication to access the Office 365 app, and it denies access to Exchange ActiveSync and to clients that use Legacy Authentication.

Make this rule more stringent by modifying the Access section of the rule as follows:

  • Specify how frequently the user will be prompted to re-authenticate.

  • Require the user to successfully complete the MFA prompt and specify how frequently the user will be prompted for MFA. See Multifactor Authentication.

Default sign on rule

This rule is set to the last priority by default. It denies access to all clients from all networks. Neither the rule nor its priority can be modified. It acts as a catch-all for any situation not specifically covered by the preceding rules.

You can create additional sign on rules and set their priority to match your security needs. Okta evaluates the rules in priority order and applies the first rule that matches. If a user does not fall within the scope of a preceding rule (or of rules applied globally across the org), they are subject to the Default sign on rule, which denies access to the Office 365 apps.
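The following added example is illustrative Python written for this page, not Okta's own code. It models the first-match, priority-ordered evaluation described above: the two default rules, a locked catch-all that cannot be moved, and a custom rule inserted between them. The client labels (`web_browser`, `modern_auth`, `exchange_activesync`, `legacy_auth`), the network labels and the numeric priorities are assumptions made for the example.

```python
# Added example (not Okta's implementation): a first-match evaluator that
# models the Office 365 app's priority-ordered sign on rules.
# Client, network and priority values below are assumed for illustration.
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Client categories named on the page (labels are assumed).
WEB_BROWSER = "web_browser"
MODERN_AUTH = "modern_auth"
EXCHANGE_ACTIVESYNC = "exchange_activesync"
LEGACY_AUTH = "legacy_auth"

LAST_PRIORITY = 10**9  # assumed sentinel for "last in priority"

Context = Dict[str, str]  # e.g. {"client": WEB_BROWSER, "network": "corporate"}


@dataclass(frozen=True)
class SignOnRule:
    name: str
    priority: int                       # lower number is evaluated first
    matches: Callable[[Context], bool]  # rule condition
    action: str                         # "ALLOW" or "DENY"
    require_mfa: bool = False           # Access section: prompt for MFA on match
    locked: bool = False                # Default rule: neither rule nor priority can change


def allow_web_and_modern_auth(ctx: Context) -> bool:
    """Priority-1 rule: only browsers and Modern Auth clients match."""
    return ctx["client"] in (WEB_BROWSER, MODERN_AUTH)


def default_sign_on_rule(ctx: Context) -> bool:
    """Catch-all: matches every client from every network."""
    return True


def default_rules() -> List[SignOnRule]:
    """The two rules the Office 365 app ships with, in priority order."""
    return [
        SignOnRule("Allow Web and Modern Auth", 1, allow_web_and_modern_auth, "ALLOW"),
        SignOnRule("Default sign on rule", LAST_PRIORITY, default_sign_on_rule, "DENY", locked=True),
    ]


def add_rule(rules: List[SignOnRule], rule: SignOnRule) -> List[SignOnRule]:
    """Insert a custom rule; it must sit above the locked catch-all."""
    catch_all = next(r for r in rules if r.locked)
    if rule.priority >= catch_all.priority:
        raise ValueError("custom rules must be evaluated before the Default sign on rule")
    if any(r.priority == rule.priority for r in rules):
        raise ValueError(f"priority {rule.priority} is already in use")
    return sorted(rules + [rule], key=lambda r: r.priority)


def evaluate(rules: List[SignOnRule], ctx: Context) -> Tuple[str, str, bool]:
    """Apply the first matching rule in priority order. The locked default
    matches everything, so evaluation never falls through."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(ctx):
            return rule.name, rule.action, rule.require_mfa
    raise RuntimeError("unreachable: the Default sign on rule matches everything")


if __name__ == "__main__":
    rules = default_rules()
    # Default set: a browser passes rule 1; ActiveSync falls through to the catch-all.
    print(evaluate(rules, {"client": WEB_BROWSER, "network": "anywhere"}))
    print(evaluate(rules, {"client": EXCHANGE_ACTIVESYNC, "network": "corporate"}))

    # Custom rule (assumed): allow ActiveSync from the corporate network only, with MFA.
    corp_activesync = SignOnRule(
        "Allow ActiveSync from corporate network", 2,
        lambda c: c["client"] == EXCHANGE_ACTIVESYNC and c["network"] == "corporate",
        "ALLOW", require_mfa=True)
    rules = add_rule(rules, corp_activesync)
    print(evaluate(rules, {"client": EXCHANGE_ACTIVESYNC, "network": "corporate"}))
    print(evaluate(rules, {"client": EXCHANGE_ACTIVESYNC, "network": "home"}))
```

The point the model makes is that order decides the outcome: a client that no earlier rule explicitly allows is denied by the catch-all, so a new rule must be placed above the Default sign on rule to have any effect, and narrowing its condition (client type plus network, with MFA required) is how the default deny is relaxed for one case without reopening the rest.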

Next step

Create Office 365 sign on rules