How to Fix: Block Legacy Authentication
Step-by-step guide to blocking legacy authentication in your Microsoft 365 environment.
Estimated Time: 5-10 minutes
Steps: 4
Severity: high
Baseline Level: Recommended Secure
Why This Matters
Legacy protocols like IMAP and POP3 cannot enforce MFA. Attackers specifically target these protocols to bypass your MFA policies. Blocking them closes a major attack vector.
Prerequisites
- Global Administrator or appropriate admin role in Microsoft Entra ID
- Access to Microsoft Entra admin center (entra.microsoft.com)
Expected Configuration
- A Conditional Access policy blocks legacy authentication protocols (IMAP, POP3, SMTP, older Office clients)
- No exceptions for legacy protocols except documented service accounts
Remediation Steps
Assess Current Identity Configuration
Review your current identity settings in Microsoft Entra ID.
- Navigate to Microsoft Entra admin center
- Go to Identity > Users or relevant section
- Review current configuration
Plan Required Changes
Determine what modifications are needed.
- Compare current state to expected configuration
- Identify affected users or groups
- Plan rollout strategy
Apply Configuration
Implement the required identity configuration changes.
- Update relevant settings
- Configure policies as needed
- Apply changes to affected scope
Validate Changes
Confirm the configuration meets requirements.
- Run TrueConfig scan
- Verify expected behavior
- Monitor for any issues
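One way to check the result against the Expected Configuration above, as an added example (not TrueConfig's code and not part of the original guide). It assumes the tenant's Conditional Access policies are available as JSON in the Microsoft Graph conditionalAccessPolicy shape; the policy names, object IDs and function names are constructed for illustration.

```python
# Added example, not TrueConfig code. Field names follow Microsoft Graph's conditionalAccessPolicy.
LEGACY_CLIENT_TYPES = {"exchangeActiveSync", "other"}  # client app types that cover legacy auth

def blocks_legacy_auth(policy):
    """True if the policy is enforced and blocks legacy clients for all users and all apps."""
    cond = policy.get("conditions") or {}
    grant = policy.get("grantControls") or {}
    return (
        policy.get("state") == "enabled"  # report-only or disabled policies enforce nothing
        and "block" in (grant.get("builtInControls") or [])
        and LEGACY_CLIENT_TYPES <= set(cond.get("clientAppTypes") or [])
        and "All" in ((cond.get("users") or {}).get("includeUsers") or [])
        and "All" in ((cond.get("applications") or {}).get("includeApplications") or [])
    )

def audit(policies, documented_exclusions):
    """Return findings; an empty list means the expected configuration is met."""
    blocking = [p for p in policies if blocks_legacy_auth(p)]
    if not blocking:
        return ["no enforced policy blocks legacy authentication for all users and apps"]
    findings = []
    for p in blocking:  # conservative: every exclusion on every blocking policy must be documented
        users = p["conditions"]["users"]
        excluded = set()
        for key in ("excludeUsers", "excludeGroups", "excludeRoles"):
            excluded |= set(users.get(key) or [])
        for obj in sorted(excluded - set(documented_exclusions)):
            findings.append(f"{p['displayName']}: undocumented exclusion {obj}")
    return findings

def _policy(name, state, exclude_users=()):  # helper that builds constructed sample policies
    return {"displayName": name, "state": state,
            "conditions": {"clientAppTypes": ["exchangeActiveSync", "other"],
                           "users": {"includeUsers": ["All"], "excludeUsers": list(exclude_users)},
                           "applications": {"includeApplications": ["All"]}},
            "grantControls": {"operator": "OR", "builtInControls": ["block"]}}

# Constructed sample data: object IDs and policy names are placeholders.
SVC_DOCUMENTED = "00000000-0000-0000-0000-0000000000a1"
SVC_UNKNOWN = "00000000-0000-0000-0000-0000000000b2"
SAMPLE = [_policy("Block legacy auth (pilot)", "enabledForReportingButNotEnforced"),
          _policy("Block legacy auth", "enabled", [SVC_DOCUMENTED, SVC_UNKNOWN])]

if __name__ == "__main__":
    for finding in audit(SAMPLE, {SVC_DOCUMENTED}) or ["OK: expected configuration met"]:
        print(finding)
```

A report-only policy is deliberately not counted as a block, and any excluded user, group or role that is not in the documented service-account list is reported.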
Auto-Remediation Available
TrueConfig can automatically fix this control for you. Enable auto-remediation to have this configuration applied and maintained automatically.