Legacy authentication refers to authentication protocols that don't support modern authentication features like MFA, Conditional Access, or device compliance checks.
Legacy protocols include:
- IMAP (email)
- POP3 (email)
- SMTP AUTH (email sending)
- Exchange ActiveSync (older mobile email)
- Older Office versions (Office 2010 and earlier)
- AutoDiscover
- Exchange Web Services (older clients)
- PowerShell using Basic Auth
- MAPI over HTTP (Outlook older versions)
Why legacy auth is dangerous:
1. Cannot enforce MFA - These protocols only support username/password
2. Password spray target - Attackers test stolen credentials against these endpoints
3. Bypasses Conditional Access - Most CA policies don't apply
4. No modern security signals - No device compliance, risk detection, or location policies
Attack scenario:
1. Attacker obtains credentials (phishing, dark web purchase)
2. Tests against modern auth → blocked by MFA
3. Tests against IMAP/POP3 → succeeds!
4. Reads all email, sets up forwarding rules
5. May go undetected for weeks
How to block legacy auth:
1. Audit current usage - Check sign-in logs for legacy auth
2. Migrate dependencies - Update apps and devices
3. Create Conditional Access policy to block legacy auth
4. Enable Security Defaults (includes legacy auth blocking)
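For the audit step, the following added example (not from the original page or any vendor tooling) summarizes legacy-protocol sign-ins per user and flags source IPs that fail against several accounts, which helps separate real dependencies from password-spray noise before blocking. It assumes records shaped like exported Microsoft Graph sign-in entries (`userPrincipalName`, `clientAppUsed`, `ipAddress`, `status.errorCode`); the `LEGACY_CLIENTS` set, the `spray_threshold` value and the sample records are assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Assumption: clientAppUsed values as they appear in an exported sign-in log;
# adjust this set to match the values present in your tenant's export.
LEGACY_CLIENTS = {
    "imap4", "pop3", "authenticated smtp", "exchange activesync",
    "autodiscover", "exchange web services", "exchange online powershell",
    "mapi over http", "other clients",
}

# Constructed sample records (not real log data).
SAMPLE_LOG = json.loads("""[
 {"userPrincipalName":"alice@example.com","clientAppUsed":"IMAP4","ipAddress":"198.51.100.10","status":{"errorCode":0}},
 {"userPrincipalName":"alice@example.com","clientAppUsed":"Browser","ipAddress":"198.51.100.10","status":{"errorCode":0}},
 {"userPrincipalName":"bob@example.com","clientAppUsed":"POP3","ipAddress":"203.0.113.7","status":{"errorCode":50126}},
 {"userPrincipalName":"carol@example.com","clientAppUsed":"POP3","ipAddress":"203.0.113.7","status":{"errorCode":50126}},
 {"userPrincipalName":"dave@example.com","clientAppUsed":"Authenticated SMTP","ipAddress":"203.0.113.7","status":{"errorCode":50126}},
 {"userPrincipalName":"printer@example.com","clientAppUsed":"Authenticated SMTP","ipAddress":"198.51.100.20","status":{"errorCode":0}},
 {"userPrincipalName":"alice@example.com","clientAppUsed":"IMAP4","ipAddress":"198.51.100.10","status":{"errorCode":0}}
]""")

def is_legacy(record):
    """True when the sign-in used a client listed in LEGACY_CLIENTS."""
    return record.get("clientAppUsed", "").strip().lower() in LEGACY_CLIENTS

def audit(records, spray_threshold=3):
    """Return (per-user/protocol counts, IPs failing against many users)."""
    usage = defaultdict(lambda: {"success": 0, "failure": 0})
    failed_users_by_ip = defaultdict(set)
    for r in records:
        if not is_legacy(r):
            continue  # modern auth sign-ins are out of scope for this audit
        user = r["userPrincipalName"].lower()
        ok = r.get("status", {}).get("errorCode") == 0  # 0 means success
        usage[(user, r["clientAppUsed"])]["success" if ok else "failure"] += 1
        if not ok:
            failed_users_by_ip[r["ipAddress"]].add(user)
    # One IP failing against many distinct accounts suggests password spraying.
    spray_ips = sorted(ip for ip, users in failed_users_by_ip.items()
                       if len(users) >= spray_threshold)
    return dict(usage), spray_ips

if __name__ == "__main__":
    usage, spray_ips = audit(SAMPLE_LOG)
    for (user, proto), counts in sorted(usage.items()):
        print(f"{user:25} {proto:20} ok={counts['success']} fail={counts['failure']}")
    print("possible spray sources:", spray_ips)
```

Accounts with successful legacy sign-ins (here a mailbox user and a device account) are the dependencies to migrate before the blocking policy is enforced.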
TrueConfig control CA-09 monitors your legacy authentication blocking status.