Secure Office 365 using app sign-on policies
The default sign-on rule for Office 365 differs from the default rule for other apps in Okta. This rule denies access to all clients from any network. It cannot be modified. This prevents clients that use Legacy Authentication from accessing Office 365.
The other Okta-provided rule allows access only to web browsers and apps that support Modern Authentication. Modern authentication is a term for a combination of authentication and authorization methods. These methods can include multifactor authentication (MFA), client certification-based authentication, Azure Active Directory Authentication Library (ADAL), and Open Authorization (OAuth).
You can edit this rule to make it more stringent. Alternatively, you can add another rule to allow clients using Legacy Authentication (not recommended). For more information about app sign-on policies, see Office 365 Client Access Policies.
Edit sign-on rule to prompt for MFA
You can edit the Allow Web and Modern Auth rule to prompt for MFA.
Factor types must be enabled before you can use them for the MFA prompt. See Multifactor Authentication.
- Go to Office 365 > Sign on > Sign on Policy > Allow Web and Modern Auth rule > Edit.
- From the Sign on Rule dialog, go to Actions > Prompt for Factor.
- Select the frequency at which you want to prompt the user for MFA when accessing Office 365.
- Click Save.
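The following added example is a simplified model of the rule set described on this page, not Okta code or an Okta API. It shows how the decision for each client type changes once the Allow Web and Modern Auth rule prompts for a factor, and flags rule sets that weaken that posture. The client labels, the decision strings and the first-match evaluation order are assumptions of the model, and the prompt frequency setting is not modelled.

```python
# Simplified model of the Office 365 sign-on rules described above.
# Not Okta code or an Okta API; labels and first-match ordering are assumptions.
from dataclasses import dataclass

WEB, MODERN, LEGACY = "web_browser", "modern_auth", "legacy_auth"

@dataclass(frozen=True)
class Rule:
    name: str
    clients: frozenset          # client types the rule matches
    allow: bool
    prompt_for_factor: bool = False

# Okta-provided rules: the editable allow rule, then the unmodifiable catch-all deny.
ALLOW_WEB_MODERN = Rule("Allow Web and Modern Auth", frozenset({WEB, MODERN}), allow=True)
DEFAULT_DENY = Rule("Default sign-on rule", frozenset({WEB, MODERN, LEGACY}), allow=False)

def with_mfa(rule):
    """The edit from the steps above: Actions > Prompt for Factor."""
    return Rule(rule.name, rule.clients, rule.allow, prompt_for_factor=True)

def evaluate(rules, client):
    """Return (decision, rule name) for the first rule matching the client type."""
    for rule in rules:
        if client in rule.clients:
            if not rule.allow:
                return "DENY", rule.name
            return ("ALLOW_AFTER_MFA" if rule.prompt_for_factor else "ALLOW"), rule.name
    return "DENY", "no matching rule"

def audit(rules):
    """Flag rules that weaken the default posture."""
    findings = []
    for rule in rules:
        if rule.allow and LEGACY in rule.clients:
            findings.append(f"{rule.name}: allows Legacy Authentication")
        elif rule.allow and not rule.prompt_for_factor:
            findings.append(f"{rule.name}: allows access without an MFA prompt")
    return findings

if __name__ == "__main__":
    hardened = [with_mfa(ALLOW_WEB_MODERN), DEFAULT_DENY]
    for client in (WEB, MODERN, LEGACY):
        print(client, evaluate(hardened, client))
    print(audit([ALLOW_WEB_MODERN, DEFAULT_DENY]))
```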