When running Test API Credentials in the Microsoft Office 365 app, the provisioning feature returns the following error:
Could not communicate with Office 365 to validate your credentials, received error: 400 Authentication Error: Bad username or password.
Azure Active Directory Authentication and Authorization error code:
AADSTS53003: BlockedByConditionalAccess - Access has been blocked by Conditional Access policies. The access policy does not allow token issuance
- Microsoft Office 365
- AAD Conditional Access
- Legacy Authentication
- Okta Classic Engine
The Conditional Access policy "Block legacy authentication" was enabled by default.
NOTE: If the Azure Active Directory tenant was created on or after October 22, 2019, the tenant may be subject to the new secure-by-default behavior and already have security defaults enabled. To protect all users, security defaults are being rolled out to all newly created tenants.
Option 1: Disable Baseline policy: Block legacy authentication.
Option 2: Exclude the Microsoft Office 365 Global administrator account used in the federation in Okta.
- Sign in to the Azure portal as a global administrator, security administrator, or conditional access administrator.
- In the Azure portal, on the left navbar, click Azure Active Directory.
- On the Azure Active Directory page, in the Security section, click Conditional access.
- In the list of policies, click the policy whose name starts with Baseline policy: Block legacy authentication.
- To exclude the administrator account, select Exclude users.
- Click Save.
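
To confirm which policy denied the token before disabling it or adding an exclusion, the sign-in records for the account can be checked for error 53003. The following is an added example, not part of the original article: it groups AADSTS53003 failures by the Conditional Access policy that reported a failure. Field names follow the Microsoft Graph signIn resource; the sample records, account names and the "Example:" policy names are constructed.

```python
import json
from collections import defaultdict

# Azure AD reports these client apps for modern authentication; any other
# value (IMAP4, POP3, "Other clients", ...) is treated here as legacy.
MODERN_CLIENTS = {"Browser", "Mobile Apps and Desktop clients"}

# Constructed sample records using Microsoft Graph signIn field names.
SAMPLE_SIGNINS = json.loads("""[
 {"userPrincipalName": "okta-svc@example.onmicrosoft.com",
  "clientAppUsed": "Other clients", "status": {"errorCode": 53003},
  "appliedConditionalAccessPolicies": [
    {"displayName": "Baseline policy: Block legacy authentication", "result": "failure"},
    {"displayName": "Example: Require MFA for admins", "result": "notApplied"}]},
 {"userPrincipalName": "alice@example.onmicrosoft.com",
  "clientAppUsed": "Browser", "status": {"errorCode": 0},
  "appliedConditionalAccessPolicies": [
    {"displayName": "Example: Require MFA for admins", "result": "success"}]},
 {"userPrincipalName": "bob@example.onmicrosoft.com",
  "clientAppUsed": "Browser", "status": {"errorCode": 53003},
  "appliedConditionalAccessPolicies": [
    {"displayName": "Example: Require compliant device", "result": "failure"}]}
]""")


def blocked_by_policy(signins):
    """Group AADSTS53003 failures by the policy that denied token issuance."""
    blocked = defaultdict(list)
    for rec in signins:
        if rec.get("status", {}).get("errorCode") != 53003:
            continue  # not a Conditional Access block
        client = rec.get("clientAppUsed", "")
        for policy in rec.get("appliedConditionalAccessPolicies", []):
            if policy.get("result") == "failure":
                blocked[policy["displayName"]].append({
                    "user": rec["userPrincipalName"],
                    "client": client,
                    "legacy_auth": client not in MODERN_CLIENTS,
                })
    return dict(blocked)


if __name__ == "__main__":
    for name, hits in blocked_by_policy(SAMPLE_SIGNINS).items():
        for hit in hits:
            print(f"{name}: {hit['user']} via {hit['client']} (legacy={hit['legacy_auth']})")
```

An entry for the Okta integration account under the Baseline policy with a legacy client matches the cause described above; a 53003 failure attributed to a different policy means excluding the account from the Baseline policy will not clear the error.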
