Secure Office 365 using app sign-on policies
The default sign-on rule for Office 365 is different than other apps in Okta. This rule denies access to all clients from any network. It cannot be modified. This prevents clients that use Legacy Authentication from accessing Office 365.
The other Okta-provided rule allows access to only web browsers and apps that support Modern Authentication. Modern authentication is a term for a combination of authentication and authorization methods. These methods can include multifactor authentication (MFA), clientEssentially, a client is anything that talks to the Okta service. Within the traditional client-server model, Okta is the server. The client might be an agent, an Okta mobile app, or a browser plugin. certification-based authentication, Azure Active Directory Authentication Library (ADAL), and Open Authorization (OAuth).
You can edit this rule to make it more stringent. Alternatively, you can add another to allow clients using Legacy Authentication (not recommended). For more information about appAn abbreviation of application. Essentially, it is a web-based site used to perform any number of specific tasks, and requires authentication from end users by signing in. sign on policies, see Office 365 Client Access Policies.
Edit sign-on rule to prompt for MFA
You can edit Allow Web and Modern Auth rule to prompt for MFA.
Factor types should be enabled before you can use them for the MFA prompt. For more information, see Multifactor Authentication .
- Go to Office 365 > Sign on > Sign on Policy > Allow Web and Modern Auth rule > Edit.
- From the Sign on Rule dialog, go to Actions > Prompt for Factor.
- Select the frequency at which you want to prompt the user for MFA when accessing Office 365.
- Click Save.