An update to Azure AD Conditional Access for

What’s changed?

On August 24th, a change will roll out that requires users to satisfy any policies set on Exchange Online and SharePoint Online when accessing For example, if a policy requiring multi-factor authentication (MFA) or a compliant device has been applied to SharePoint or Exchange, this policy will also apply to users signing into


This change addresses feedback Microsoft have gotten from customers who have noticed that some features break in when a policy is applied to Exchange or SharePoint. These include searching for documents and email, loading your customizations in the app launcher, creating new documents, and viewing your calendar.

These features access Exchange and SharePoint data, so they’re subject to Exchange and SharePoint policies. By requiring users to satisfy these policies when they access users will have access to Exchange and SharePoint data, so these features will continue to work.

What else do I need to know?

Any policies that have been applied to Exchange and SharePoint browser access will apply.
Policies set specifically for mobile and desktop applications will be skipped since is accessed through the browser. This applies to conditional access policies set through the Azure Management Portal, the “Classic” Azure Portal, and the Intune management portal.
Policies set using Office 365 MDM will not apply since they are targeted for mobile apps.
If a policy is set for Exchange and SharePoint, both policies will take effect when is accessed.
The impact

The main impact will be to users who use but have not already satisfied SharePoint and Exchange policies. In these cases, they can take the steps to satisfy policy or, in cases in which this is not an option, where users are attempting to access to install Office applications, they can do so from

Leave a Reply