Enable Additional Security Measures for Hybrid AAD Join
Single Sign-On
Okta Classic Engine
Okta Identity Engine
Overview

This article describes how to enable additional security measures for Hybrid AAD Join.

Applies To
  • Hybrid AAD Join
Solution
  1. Enable Conditional Access

    1. Conditional Access is configured in the Azure administrative console; the policy denies access to any device that is not Hybrid Azure AD joined.

    2. Please refer to the Require Hybrid Azure AD joined devices section in the following guide: How To: Require managed devices for cloud app access with Conditional Access.

  2. Leverage Device Trust

    1. If Windows Device Trust has not yet been configured, refer to the following guide: Enforce Okta Device Trust for managed Windows computers.

    2. In the Office 365 application, create a sign-on policy that allows access to devices using Legacy Authentication.

      1. In the Okta Admin Console, click Applications.

      2. Find and click the desired Office 365 application.

      3. Click the Sign On tab.

      4. In the Sign On Policy section, edit an existing rule or click Add Rule to create a new one.

      5. In the Client > "If the user's client is any of these" section, ensure that Exchange ActiveSync/Legacy Auth is checked.

      6. In the Device Trust section, ensure that Trusted is checked.

      7. Click Save.
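
To confirm that the Conditional Access policy from step 1 really denies devices that are not hybrid joined, the following added example (not part of the original article and not Okta or Microsoft code) audits a policy export shaped like the Microsoft Graph conditionalAccessPolicy resource. The sample policies and the function names are constructed for illustration, and the check assumes only application targeting matters; it does not evaluate user scoping or exclusions.

```python
import json

# Constructed sample shaped like the Microsoft Graph conditionalAccessPolicy
# resource (GET /identity/conditionalAccess/policies); not real tenant data.
SAMPLE_EXPORT = json.loads("""
{"value": [
  {"displayName": "Require hybrid join - O365", "state": "enabled",
   "conditions": {"applications": {"includeApplications": ["Office365"]}},
   "grantControls": {"operator": "OR", "builtInControls": ["domainJoinedDevice"]}},
  {"displayName": "MFA or hybrid join", "state": "enabled",
   "conditions": {"applications": {"includeApplications": ["All"]}},
   "grantControls": {"operator": "OR", "builtInControls": ["mfa", "domainJoinedDevice"]}},
  {"displayName": "Hybrid join pilot", "state": "enabledForReportingButNotEnforced",
   "conditions": {"applications": {"includeApplications": ["Office365"]}},
   "grantControls": {"operator": "AND", "builtInControls": ["domainJoinedDevice"]}}
]}
""")

def assess_policy(policy):
    """Return (enforces_hybrid_join, reason) for one policy dict."""
    name = policy.get("displayName", "<unnamed>")
    if policy.get("state") != "enabled":
        # Report-only and disabled policies never deny a sign-in.
        return False, f"{name}: state is {policy.get('state')!r}, not enforced"
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls") or []
    if "domainJoinedDevice" not in controls:
        return False, f"{name}: does not require a hybrid joined device"
    # With OR, any other listed control (e.g. mfa) satisfies the policy
    # from a device that is not hybrid joined.
    if grant.get("operator") == "OR" and len(controls) > 1:
        others = [c for c in controls if c != "domainJoinedDevice"]
        return False, f"{name}: hybrid join is optional (OR with {others})"
    return True, f"{name}: hybrid join required"

def audit(export, app="Office365"):
    """Names of policies that enforce hybrid join for `app` (or for all apps)."""
    enforcing = []
    for policy in export.get("value", []):
        conditions = policy.get("conditions") or {}
        apps = (conditions.get("applications") or {}).get("includeApplications") or []
        ok, _ = assess_policy(policy)
        if ok and (app in apps or "All" in apps):
            enforcing.append(policy.get("displayName", "<unnamed>"))
    return enforcing

if __name__ == "__main__":
    for p in SAMPLE_EXPORT["value"]:
        print(assess_policy(p)[1])
    print("Enforcing policies:", audit(SAMPLE_EXPORT))
```

An empty result from `audit` means no enabled policy actually requires a hybrid joined device for the application, even if one appears to at first glance.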
