Technology
ID-02High

Block Legacy Authentication for Technology & Software

How technology & software organizations should implement ID-02 for Microsoft 365 security and compliance.

For technology & software companies using Microsoft 365, block legacy authentication is a security priority. This guide explains how ID-02 helps technology & software organizations protect their identity infrastructure while meeting industry-specific compliance mandates.

Why Technology & Software Organizations Need This Control

Technology & Software organizations face specific regulatory requirements including soc2, iso27001, cis. The ID-02 control helps address these requirements by:

  • A Conditional Access policy blocks legacy authentication protocols (IMAP, POP3, SMTP, older Office clients)
  • No exceptions for legacy protocols except documented service accounts

Legacy protocols like IMAP and POP3 cannot enforce MFA. Attackers specifically target these protocols to bypass your MFA policies. Blocking them closes a major attack vector.

Industry-Specific Considerations

When implementing ID-02 in a technology & software environment, consider:

  • **Regulatory requirements**: soc2, iso27001, cis may mandate specific configurations
  • **Risk tolerance**: Technology & Software organizations typically have moderate to low risk tolerance
  • **Audit frequency**: Plan for regular compliance reviews
  • **Documentation**: Maintain detailed records for regulatory inspections

How to Configure

ID-02 requires the following configuration:

  • A Conditional Access policy blocks legacy authentication protocols (IMAP, POP3, SMTP, older Office clients)
  • No exceptions for legacy protocols except documented service accounts

Creates a Conditional Access policy blocking legacy authentication for all users

With TrueConfig, you can implement this control automatically using our one-click remediation feature.

Technology Compliance Requirements

Technology organizations must comply with these frameworks, all of which address block legacy authentication:

Why This Control Matters for Technology

Legacy protocols like IMAP and POP3 cannot enforce MFA. Attackers specifically target these protocols to bypass your MFA policies. Blocking them closes a major attack vector.

Common threats in technology & software:

  • Source code theft and IP exfiltration
  • Supply chain attacks through dependencies
  • Credential compromise in CI/CD pipelines

For technology & software organizations, ID-02 is a key component of a compliant Microsoft 365 security posture. TrueConfig helps you implement and maintain this control while meeting industry-specific requirements.

Ready to secure your technology Microsoft 365 environment?

TrueConfig continuously monitors your tenant against technology best practices, including this control and 6+ others.