Legacy Authentication Usage

Detects usage of legacy authentication protocols

Category
Authentication
Default severity
High
Rule key
CHECK_LEGACY_AUTH
Last updated

Why this matters

What this means

Legacy authentication protocols (such as POP3, IMAP, SMTP AUTH, and older Office clients) are still in use or not explicitly blocked in your tenant. These protocols do not support Multi-Factor Authentication.

Why is it a security risk?

  • Legacy auth is the #1 vector for password spray attacks — attackers can bypass MFA entirely because these protocols only accept username + password.
  • Microsoft data shows that over 97% of credential-stuffing attacks use legacy authentication.
  • Even if you have MFA enabled, a single legacy auth endpoint negates the protection for any user that connects through it.

Recommended next steps

  1. First, check current usage: go to Microsoft Entra admin center → Monitoring → Sign-in logs and filter by Client app to see which legacy protocols are in use.
  2. Notify users relying on legacy clients (e.g., old Outlook, Thunderbird) to upgrade.
  3. Create a Conditional Access policy to block legacy authentication for all users.
  4. Disable legacy auth protocols at the Exchange Online level as an extra safeguard.
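A small triage script for step 1, added here as an example (it is not part of EntraAnalyzer): it takes sign-in records in the Microsoft Graph signIn shape (userPrincipalName, clientAppUsed, status.errorCode), which is an assumption about how you export the logs, and reports which users actually authenticate over legacy protocols versus which accounts only see failed legacy attempts. The records below are constructed sample data.

```python
# Added example, not EntraAnalyzer's code. Assumes records follow the
# Graph `signIn` resource shape; SAMPLE_SIGNINS is constructed, not real.
from collections import defaultdict

# clientAppUsed values the Entra sign-in log "Client app" filter lists
# as legacy authentication (assumed list; extend if your tenant shows more).
LEGACY_CLIENT_APPS = {
    "Exchange ActiveSync", "Other clients", "IMAP", "POP", "SMTP",
    "Authenticated SMTP", "Exchange Web Services", "MAPI Over HTTP",
    "Outlook Anywhere (RPC over HTTP)", "Exchange Online PowerShell",
    "Offline Address Book", "Autodiscover", "Reporting Web Services",
    "Universal Outlook",
}

def is_legacy(record):
    """True if the sign-in used a protocol that cannot enforce MFA."""
    return record.get("clientAppUsed") in LEGACY_CLIENT_APPS

def legacy_usage(records):
    """Return (users -> legacy protocols used successfully,
               users -> count of failed legacy sign-ins).
    Successful sign-ins (errorCode 0) are real usage to migrate first;
    failed legacy attempts with no successes are a password-spray signal."""
    usage, failed = defaultdict(set), defaultdict(int)
    for r in records:
        if not is_legacy(r):
            continue
        upn = r["userPrincipalName"]
        if r.get("status", {}).get("errorCode", 0) == 0:
            usage[upn].add(r["clientAppUsed"])
        else:
            failed[upn] += 1
    return dict(usage), dict(failed)

SAMPLE_SIGNINS = [  # constructed sample records, not a real tenant export
    {"userPrincipalName": "alice@contoso.example", "clientAppUsed": "Browser",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@contoso.example", "clientAppUsed": "IMAP",
     "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@contoso.example",
     "clientAppUsed": "Authenticated SMTP", "status": {"errorCode": 0}},
    {"userPrincipalName": "carol@contoso.example", "clientAppUsed": "Other clients",
     "status": {"errorCode": 50126}},  # AADSTS50126: bad username/password
]

if __name__ == "__main__":
    used, failed = legacy_usage(SAMPLE_SIGNINS)
    for upn, protos in sorted(used.items()):
        print(f"{upn}: notify to upgrade; uses {', '.join(sorted(protos))}")
    for upn, n in sorted(failed.items()):
        print(f"{upn}: {n} failed legacy sign-in(s); review for password spray")
```

Run it over a real export (for example the JSON returned by the Graph signIns endpoint) to get the notification list for step 2 and a baseline to compare against after the Conditional Access policy from step 3 is enforced.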

How to fix it

Block legacy authentication protocols

Required Microsoft Graph permissions

EntraAnalyzer needs the following read-only Graph permissions to evaluate this rule:

  • Directory.Read.All
  • Application.Read.All

Further reading

Microsoft documentation →

Run this check on your tenant

EntraAnalyzer evaluates this rule automatically on every scan and emails you the results.

Get started — free first scan →