It’s a pretty common situation: organizations spend their resources on maintaining legacy software and legacy protocols. Today, this is often supported by hybrid domain-joined devices and Microsoft Azure AD. But did you know that this can actually lead to a lax security posture? In this type of setup, any time your users log in to a Windows 10 device, the device will request and receive a primary refresh token (PRT) without any prompt for multi-factor authentication (MFA). This is because Azure AD uses basic rather than modern authentication so as to support legacy protocols. The same applies to older protocols such as WS-Trust. This means that traffic destined for your domain requires only a username and password to obtain access, and with the high volume of data breaches that occur today, that’s just not enough. Fortunately, Okta understands this need. With our Custom User Agent String available in the O365.