Professional Services
ID-02High

Block Legacy Authentication for Professional Services & Consulting

How professional services & consulting organizations should implement ID-02 for Microsoft 365 security and compliance.

For professional services & consulting companies using Microsoft 365, block legacy authentication is a security priority. This guide explains how ID-02 helps professional services & consulting organizations protect their identity infrastructure while meeting industry-specific compliance mandates.

Why Professional Services & Consulting Organizations Need This Control

Professional Services & Consulting organizations face specific regulatory requirements including soc2, iso27001, cis. The ID-02 control helps address these requirements by:

  • A Conditional Access policy blocks legacy authentication protocols (IMAP, POP3, SMTP, older Office clients)
  • No exceptions for legacy protocols except documented service accounts

Legacy protocols like IMAP and POP3 cannot enforce MFA. Attackers specifically target these protocols to bypass your MFA policies. Blocking them closes a major attack vector.

Industry-Specific Considerations

When implementing ID-02 in a professional services & consulting environment, consider:

  • **Regulatory requirements**: soc2, iso27001, cis may mandate specific configurations
  • **Risk tolerance**: Professional Services & Consulting organizations typically have moderate to low risk tolerance
  • **Audit frequency**: Plan for regular compliance reviews
  • **Documentation**: Maintain detailed records for regulatory inspections

How to Configure

ID-02 requires the following configuration:

  • A Conditional Access policy blocks legacy authentication protocols (IMAP, POP3, SMTP, older Office clients)
  • No exceptions for legacy protocols except documented service accounts

Creates a Conditional Access policy blocking legacy authentication for all users

With TrueConfig, you can implement this control automatically using our one-click remediation feature.

Professional Services Compliance Requirements

Professional Services organizations must comply with these frameworks, all of which address block legacy authentication:

Why This Control Matters for Professional Services

Legacy protocols like IMAP and POP3 cannot enforce MFA. Attackers specifically target these protocols to bypass your MFA policies. Blocking them closes a major attack vector.

Common threats in professional services & consulting:

  • Client data breaches
  • Insider threats from departing consultants
  • Business email compromise

For professional services & consulting organizations, ID-02 is a key component of a compliant Microsoft 365 security posture. TrueConfig helps you implement and maintain this control while meeting industry-specific requirements.

Ready to secure your professional services Microsoft 365 environment?

TrueConfig continuously monitors your tenant against professional services best practices, including this control and 6+ others.