ID-02: Block Legacy Authentication

Frequently asked questions about implementing and managing the ID-02 security control in Microsoft 365 and Entra ID.

Q
What is ID-02 (Block Legacy Authentication)?
A

ID-02 is a security control requiring that legacy authentication protocols (IMAP, POP3, authenticated SMTP and older Office clients that use basic authentication) are blocked by a Conditional Access policy, with no exceptions other than documented service accounts. These protocols accept only a username and password, so MFA cannot be enforced on them; attackers target them specifically to bypass your MFA policies, and blocking them closes a major attack vector.

Related controls: ID-02
Q
Why is Block Legacy Authentication important for Microsoft 365 security?
A

Legacy authentication protocols such as IMAP, POP3 and authenticated SMTP accept only a username and password and cannot complete an MFA challenge, so a valid password alone is enough to sign in. Attackers specifically target these protocols with password spraying and credential stuffing to bypass your MFA policies. Blocking them closes a major attack vector.

Q
How do I implement ID-02 in my tenant?
A

TrueConfig provides one-click remediation for ID-02: it creates a Conditional Access policy that blocks legacy authentication for all users. Before enforcing the policy, review recent sign-ins over legacy protocols so that any service account still depending on them is documented and excluded rather than silently broken.
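The policy TrueConfig creates can also be built by hand. The following Microsoft Graph PowerShell script is an added example, not TrueConfig's own remediation code or Microsoft's: it first lists recent sign-ins over legacy client protocols so that exceptions can be documented, then creates the ID-02 policy in report-only mode, excluding a placeholder service-account group ($serviceAccountGroupId is an assumed value you replace). It assumes the Microsoft.Graph PowerShell module is installed and the signed-in account holds the listed Graph permissions.

```powershell
# Added example, not TrueConfig's remediation code. Assumes the Microsoft.Graph PowerShell module
# and an account granted the scopes below. $serviceAccountGroupId is a placeholder you replace.
Connect-MgGraph -Scopes "AuditLog.Read.All", "Directory.Read.All",
                        "Policy.ReadWrite.ConditionalAccess", "Application.Read.All"

# 1. Find who still signs in over legacy protocols (last 30 days) so exceptions can be documented.
$since = (Get-Date).AddDays(-30).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")
$legacyClients = @("IMAP4", "POP3", "Authenticated SMTP", "Exchange ActiveSync", "Other clients")
foreach ($client in $legacyClients) {
    $filter = "clientAppUsed eq '$client' and createdDateTime ge $since"
    Get-MgAuditLogSignIn -Filter $filter -All |
        Group-Object UserPrincipalName |
        ForEach-Object { [pscustomobject]@{ Client = $client; User = $_.Name; SignIns = $_.Count } }
}

# 2. Create the ID-02 policy in report-only mode; set state to "enabled" once the report shows no surprises.
$serviceAccountGroupId = "00000000-0000-0000-0000-000000000000"   # placeholder: documented service accounts

$policy = @{
    displayName = "ID-02 Block legacy authentication"
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users        = @{ includeUsers = @("All"); excludeGroups = @($serviceAccountGroupId) }
        applications = @{ includeApplications = @("All") }
        # "other" covers basic-auth clients (IMAP, POP, SMTP, older Office); ActiveSync is listed separately.
        clientAppTypes = @("exchangeActiveSync", "other")
    }
    grantControls = @{ operator = "OR"; builtInControls = @("block") }
}

New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

Sign-in log retention is 7 days on tenants without Microsoft Entra ID P1, so shorten the window there. Keep the exception group small and reviewed: every member is an account an attacker can still reach with a password alone.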

Q
What license do I need for ID-02?
A

The Conditional Access policy this control requires needs a Microsoft Entra ID P1 license (included in Microsoft 365 Business Premium, E3 and E5). Tenants without P1 can still meet the intent of the control by enabling security defaults, which block legacy authentication for all users, and by disabling basic authentication for SMTP AUTH in Exchange Online; Microsoft has already turned off basic authentication for the other Exchange Online protocols.

Q
Which security baseline includes ID-02?
A

ID-02 is included in the TrueConfig Recommended Secure baseline (Level 1). This is the foundation level suitable for most organizations.



Still have questions?

Our security experts are here to help. Start a free trial and get personalized guidance for your Microsoft 365 environment.
