By now, you should already know the Conditional Access feature provided with Azure AD, helping you defining conditions to authorize access to applications/resources – like requesting multi factor authentication when outside of the corporate network.
You should also know that legacy authentication endpoints (like SMTP, POP or IMAP) should be blocked.
Well, an important update has been introduced on Conditional Access policies which made any new policy being automatically applied to all client application, including these legacy endpoints (client apps).
Which means if you need to exclude the policy to apply to these legacy you will need to add it as an exclusion to the policy.
![image_thumb[1]](https://20001872.fs1.hubspotusercontent-na1.net/hubfs/20001872/Imported_Blog_Media/image_thumb1-239.png "image_thumb[1]")
Don’t forget you can also get reports on usage of these legacy applications using the sign-ins reporting capability using the application filter
![image_thumb[3]](https://20001872.fs1.hubspotusercontent-na1.net/hubfs/20001872/Imported_Blog_Media/image_thumb3-145.png "image_thumb[3]")
![image_thumb[2]](https://20001872.fs1.hubspotusercontent-na1.net/hubfs/20001872/Imported_Blog_Media/image_thumb2-184.png "image_thumb[2]")
