在启用了MFA和应用密码的ActiveSync客户端上的条件访问 [英] Conditional Access on ActiveSync client with MFA enabled and App Password
问题描述
大家好
当使用MFA和应用密码在ActiveSync设备上应用条件访问时,我们遇到了奇怪的情况.我们收到以下消息:
We are having strange situation when apply Conditional access on ActiveSync devices with MFA and App Password. We are getting the following msg:
您的电子邮件访问权限已被阻止-您收到此消息是因为您的IT部门已阻止您的电子邮件访问.这可能 由于诸如网络位置之类的临时条件.
Your email access has been blocked - you're receiving this msg because your IT department has blocked your email access. This could be due to temporary conditions like your network location.
我有我的位置设置正确,我的条件如下:所有用户,所有云应用程序,所有平台,任何位置,3个除外 (我的家庭IP和2个工作受信任的IP),除仅将策略仅应用到支持的平台上"之外的所有客户端应用程序,所有设备状态,访问控制–使用多个控件阻止访问需要所选控件之一"
I have my locations set correctly and my conditions are as follow: All users, All cloud apps, All platforms, Any locations and 3 excluded (my home IP and 2 work trusted IPs), Client Apps all but "Apply policy only to supported platforms" , all device state, Access control – block access with for multiple controls "Require one of the selected controls"
唯一的方法如果您位于设置为MFA可信位置的位置,则访问ActiveSync-在所有其他位置,访问权限为
The only way to access ActiveSync is if you're at location which is set as MFA trusted location - at all other locations access is blocked.
有人可以确认这是设计使然还是我做错了!
推荐答案
是的,如果您将其设置为任何位置",则该方法适用于受信任的位置.就像你说的.我确定您已经看过
参考指南.
如果您认为这是产品错误,请在
用户语音,产品团队将对此进行处理.
Yes, this should work for trusted locations if you have it set to "Any Location" like you said. I'm sure you have already seen the
reference guide.
If you believe this to be a product bug, please report this in
User Voice and the product team will work on it.
-您的订阅没有过期.
-用户帐户已启用.
-用户帐户未锁定.
-使用正确的用户名和密码.
-密码不是临时密码. (如果用户帐户是新帐户,或者密码最近被重置,则可能会发生此问题.)
-密码未过期.
-您没有被阻止登录.
-如果您是联盟用户,则单点登录(SSO)可以正常工作.
- Your subscription isn't expired.
- The user account is enabled.
- The user account isn't locked out.
- The correct user name and password are used.
- The password isn't a temporary password. (This issue may occur if the user account is a new account or if the password was recently reset.)
- The password isn't expired.
- You're not blocked from signing in.
- If you're a federated user, single sign-on (SSO) is working.
要进行故障排除,请访问https://manage.windowsazure.com/?whr=azure.com.
这篇关于在启用了MFA和应用密码的ActiveSync客户端上的条件访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
