Inception Security

Why You Should Block Microsoft Legacy Authentication and How to Do It

As an IT security specialist, Inception Security understands the risks of using outdated authentication methods like Microsoft legacy authentication. These legacy authentication protocols, such as SMTP, POP, MAPI, and IMAP, cannot enforce 2FA/MFA, which makes them frequent targets for cyber attacks. This guide explains what legacy authentication is, why you should block it, and how to block it so that your business stays protected from cyber threats.

Understanding Microsoft Legacy Authentication:

Microsoft Legacy authentication refers to older authentication protocols for signing into Microsoft applications and cloud services. These protocols lack modern security features like Multi-Factor Authentication (MFA) or Two-Factor Authentication (2FA), making them more vulnerable to unauthorized access and cyber-attacks.

Legacy Authentication vs. Modern Authentication:

Modern authentication protocols, such as ADAL and OAuth, support MFA and offer safer, more secure user authentication and authorization. In contrast, legacy authentication protocols do not support MFA, which makes them more susceptible to breaches and malware attacks.

Risks of Using Legacy Authentication:

Using legacy authentication exposes your business to various security risks, including:

  • Unauthorized access to sensitive data

  • Increased vulnerability to phishing and social engineering attacks

  • Inability to enforce strong authentication policies

Blocking legacy authentication is essential to safeguard your organization's security and prevent these risks.

Blocking Microsoft Legacy Authentication:

There are several methods to block legacy authentication in Microsoft 365 and related apps, including:

  • Blocking by default: This is already done at the tenant level if your Microsoft 365 tenant has security defaults enabled.

  • Blocking legacy auth directly: You can also block legacy authentication directly in Microsoft 365, Azure Active Directory, or Exchange Online.

Blocking Legacy Authentication With Conditional Access Policy:

To block legacy authentication using a Conditional Access Policy, follow these steps:

  • Step 1: Ensure you have an Azure AD Premium P1 license

  • Step 2: Create a new Conditional Access policy

  • Step 3: Input Name and Assignments

  • Step 4: Specify Cloud apps or actions

  • Step 5: Set Conditions for app use

  • Step 6: Grant and Enable policy
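The six steps above map onto a single Conditional Access policy object. The following is an added example (not Inception Security's code or a Microsoft sample) that builds that policy in the shape of the Microsoft Graph `conditionalAccessPolicy` schema and dry-runs it against a handful of constructed sign-in records, so you can see which clients the policy would block before switching it from report-only to enabled. The `clientAppUsed` values come from Azure AD sign-in logs and the mapping onto the "Exchange ActiveSync" and "Other clients" client app types follows Microsoft's Conditional Access documentation; the group id, user names and the `memberOfGroups` field on each record are constructed for the dry-run (real sign-in log entries do not carry group membership).

```python
"""Build a 'block legacy authentication' Conditional Access policy and
dry-run it against sign-in records.

Added example: the policy dictionary follows the Microsoft Graph
conditionalAccessPolicy schema; the sign-in records are constructed
sample data, not real tenant logs.
"""
import json

# clientAppUsed values reported in Azure AD sign-in logs for legacy
# (basic auth) clients, mapped to the Conditional Access client app
# type that matches them ("exchangeActiveSync" or "other").  Modern
# clients ("Browser", "Mobile Apps and Desktop clients") are absent
# on purpose: the policy must not touch them.
LEGACY_CLIENT_APPS = {
    "Exchange ActiveSync": "exchangeActiveSync",
    "Authenticated SMTP": "other",
    "Autodiscover": "other",
    "Exchange Online PowerShell": "other",
    "Exchange Web Services": "other",
    "IMAP4": "other",
    "MAPI Over HTTP": "other",
    "Offline Address Book": "other",
    "Outlook Anywhere (RPC over HTTP)": "other",
    "Outlook Service": "other",
    "POP3": "other",
    "Reporting Web Services": "other",
    "Other clients": "other",
}


def build_block_legacy_auth_policy(name, excluded_group_ids=(), report_only=True):
    """Steps 3-6: name/assignments, all cloud apps, legacy client app
    condition, block grant.  Starts in report-only state so the impact
    can be reviewed before enforcement."""
    return {
        "displayName": name,
        "state": "enabledForReportingButNotEnforced" if report_only else "enabled",
        "conditions": {
            "users": {
                "includeUsers": ["All"],
                # break-glass or exception groups, if any
                "excludeGroups": list(excluded_group_ids),
            },
            "applications": {"includeApplications": ["All"]},
            "clientAppTypes": ["exchangeActiveSync", "other"],
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    }


def evaluate_sign_in(policy, record):
    """Return True if the policy would block this sign-in record."""
    client_app_type = LEGACY_CLIENT_APPS.get(record["clientAppUsed"])
    if client_app_type not in policy["conditions"]["clientAppTypes"]:
        return False  # modern client: policy does not apply
    excluded = set(policy["conditions"]["users"]["excludeGroups"])
    if excluded & set(record.get("memberOfGroups", [])):
        return False  # user sits in an excluded group
    return "block" in policy["grantControls"]["builtInControls"]


def blocked_sign_ins(policy, records):
    """UPNs whose sign-ins the policy would block, in log order."""
    return [r["userPrincipalName"] for r in records if evaluate_sign_in(policy, r)]


def legacy_auth_summary(records):
    """Count sign-ins per legacy client app, to find who still depends
    on basic auth before the policy is enforced."""
    counts = {}
    for r in records:
        if r["clientAppUsed"] in LEGACY_CLIENT_APPS:
            counts[r["clientAppUsed"]] = counts.get(r["clientAppUsed"], 0) + 1
    return counts


# Constructed sample sign-in records (not real log data).
SAMPLE_SIGN_INS = [
    {"userPrincipalName": "alice@example.com", "clientAppUsed": "Browser", "memberOfGroups": []},
    {"userPrincipalName": "scanner@example.com", "clientAppUsed": "Authenticated SMTP", "memberOfGroups": []},
    {"userPrincipalName": "bob@example.com", "clientAppUsed": "IMAP4", "memberOfGroups": []},
    {"userPrincipalName": "carol@example.com", "clientAppUsed": "Exchange ActiveSync",
     "memberOfGroups": ["grp-legacy-exception"]},
    {"userPrincipalName": "dave@example.com", "clientAppUsed": "Mobile Apps and Desktop clients",
     "memberOfGroups": []},
]

if __name__ == "__main__":
    policy = build_block_legacy_auth_policy("Block legacy authentication",
                                            excluded_group_ids=("grp-legacy-exception",))
    print(json.dumps(policy, indent=2))
    print("Legacy auth usage:", legacy_auth_summary(SAMPLE_SIGN_INS))
    print("Would be blocked:", blocked_sign_ins(SAMPLE_SIGN_INS and policy, SAMPLE_SIGN_INS))
```

Run it and the report shows `scanner@example.com` (authenticated SMTP, typically a scanner or multifunction printer) and `bob@example.com` (IMAP4) would be blocked, while the user in the exception group and the browser and modern desktop clients pass. That is the review you want to do on real sign-in logs during the report-only phase: every entry in the summary is either a client to migrate to modern authentication or a documented exception, and only then does `report_only=False` make sense.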

The Importance of Partnering with IT Security Experts:

Partnering with IT security experts like Inception Security ensures your organization's security is always up-to-date. Our team of experienced professionals can help you with the following:

  • Identify and mitigate potential security risks

  • Implement strong authentication policies

  • Regularly monitor and audit your systems for any suspicious activity


Disabling legacy authentication is crucial to securing your organization's data and systems against cyber-attacks and malicious authentication requests. By following the steps above, you can effectively block legacy authentication for users and apps, enhancing your overall security posture.

At Inception Security, we are dedicated to helping organizations like yours protect their valuable assets and stay one step ahead of cyber threats. If you have any questions or need assistance in securing your systems, please do not hesitate to contact our team of experts. We are here to help.

For more tips, tricks, and solutions, check out Inception Security's Blog and Knowledge Base, where you can find a wealth of information and resources to support your organization's cybersecurity needs.

