How the "Baseline policy: End user protection" will effect SMTP devices/printers
Since enabling the Baseline policy: End user protection will hit all users, how does one comply with MFA yet still allow printers to send scans as attachments over SMTP? We are a partner manager with access to the partner center portal. I understand that we can create a new policy that excludes a user (the printer) but from my understanding the requirement is to get all users in our org to comply, including the printer.
On a side note, I noticed Azure AD Sign-Ins is only available in AAD Premium P1 and above. It would be nice if this was available to Azure AD Free customers so they can know if they have any clients using legacy auth., before they flip the switch on Security Defaults. I know the Sign-Ins data is available because individuals can see their own through My Sign-Ins. So it's something I've asked for on uservoice. It's kind of mean trick the way it is now.
Good feedback, I agree with you that it would be great not to require Premium to check the sign-in logs.
BTW - the data is available without Premium licenses in the Graph beta version. And this is why this powershell does give the sign-in data even without AAD premium, it uses Graph Beta:
Mybe there is even some way to filter for legacy auth, have not tried.