Hero Banner

Multi-Factor Authentication (MFA)

Learn and ask questions on how to implement MFA

Level 3 Contributor

How the "Baseline policy: End user protection" will effect SMTP devices/printers

Since enabling the Baseline policy: End user protection will hit all users, how does one comply with MFA yet still allow printers to send scans as attachments over SMTP? We are a partner manager with access to the partner center portal. I understand that we can create a new policy that excludes a user (the printer) but from my understanding the requirement is to get all users in our org to comply, including the printer.

Level 2 Contributor

@JanoschUlmer thanks for the concise answer and clear distinction about how legacy authentication is involved and how Security Defaults will behave.

On a side note, I noticed Azure AD Sign-Ins is only available in AAD Premium P1 and above. It would be nice if this was available to Azure AD Free customers so they can know if they have any clients using legacy auth., before they flip the switch on Security Defaults. I know the Sign-Ins data is available because individuals can see their own through My Sign-Ins. So it's something I've asked for on uservoice. It's kind of mean trick the way it is now.

Good feedback, I agree with you that it would be great not to require Premium to check the sign-in logs.


BTW - the data is available without Premium licenses in the Graph beta version. And this is why this powershell does give the sign-in data even without AAD premium, it uses Graph Beta:


Mybe there is even some way to filter for legacy auth, have not tried.

Kind regards,
Get consultations form Technical Presales & Deployment services team via https://aka.ms/technicalservices
Level 2 Contributor

@JanoschUlmer Fantastic! I was hoping to find something like that. This is real and great value add for partners supporting their customers.