Financial Services
ID-02High

Block Legacy Authentication for Financial Services & Banking

How financial services & banking organizations should implement ID-02 for Microsoft 365 security and compliance.

For financial services & banking companies using Microsoft 365, block legacy authentication is a security priority. This guide explains how ID-02 helps financial services & banking organizations protect their identity infrastructure while meeting industry-specific compliance mandates.

Why Financial Services & Banking Organizations Need This Control

Financial Services & Banking organizations face specific regulatory requirements including soc2, pci-dss, nist-800-53, iso27001. The ID-02 control helps address these requirements by:

  • A Conditional Access policy blocks legacy authentication protocols (IMAP, POP3, SMTP, older Office clients)
  • No exceptions for legacy protocols except documented service accounts

Legacy protocols like IMAP and POP3 cannot enforce MFA. Attackers specifically target these protocols to bypass your MFA policies. Blocking them closes a major attack vector.

Industry-Specific Considerations

When implementing ID-02 in a financial services & banking environment, consider:

  • **Regulatory requirements**: soc2, pci-dss, nist-800-53 may mandate specific configurations
  • **Risk tolerance**: Financial Services & Banking organizations typically have moderate to low risk tolerance
  • **Audit frequency**: Plan for regular compliance reviews
  • **Documentation**: Maintain detailed records for regulatory inspections

How to Configure

ID-02 requires the following configuration:

  • A Conditional Access policy blocks legacy authentication protocols (IMAP, POP3, SMTP, older Office clients)
  • No exceptions for legacy protocols except documented service accounts

Creates a Conditional Access policy blocking legacy authentication for all users

With TrueConfig, you can implement this control automatically using our one-click remediation feature.

Financial Services Compliance Requirements

Financial Services organizations must comply with these frameworks, all of which address block legacy authentication:

Why This Control Matters for Financial Services

Legacy protocols like IMAP and POP3 cannot enforce MFA. Attackers specifically target these protocols to bypass your MFA policies. Blocking them closes a major attack vector.

Common threats in financial services & banking:

  • Account takeover attacks
  • Insider trading through unauthorized access
  • Wire fraud via business email compromise

For financial services & banking organizations, ID-02 is a key component of a compliant Microsoft 365 security posture. TrueConfig helps you implement and maintain this control while meeting industry-specific requirements.

Ready to secure your financial services Microsoft 365 environment?

TrueConfig continuously monitors your tenant against financial services best practices, including this control and 7+ others.