Microsoft is sunsetting Legacy Authentication Protocols. It’s no secret, this is long overdue. They open you up to the easiest hacks, in fact, more than 99 percent of password spray attacks use legacy authentication protocols.

So what’s holding you back? Do you even know who is using legacy protocols in your Microsoft 365 tenant? The biggest culprit is people connecting to their Exchange Online mailbox using an iOS device.

The time is NOW to disable legacy protocols!

Does this sound like a daunting task in your complex environment? Don’t fret! CoreView has you covered. Register now to hear how you can:

  • SEE which mailboxes are still using legacy protocols
  • MANAGE the transition with confidence using clear KPIs
  • AUTOMATE reporting so you can sleep peacefully

Don’t get caught with your legacy protocols down!

Legacy authentication - what is it? It's essentially any mechanism that does not support multifactor authentication (MFA) or modern authentication. But it is all about security.

Why is it important? 

  • 99% of password spray attacks use legacy authentication protocols
  • 80% of accounts and organizations that have disabled legacy authentication experience 67% fewer compromises, then those where it is enabled

What are security defaults? 

It requires administrators to use multifactor authentication. It blocks legacy protocols, requiring users to perform multifactor authentication when necessary. It also protects privileged activities like access to the Azure portal.  

But why wouldn't you just enable security defaults? 

It's tenant wide - so it is imperative to make sure you know if users aren't using it. Microsoft recommends that if you have complex security requirements, using conditional access, or you have Azure active directory premium, that you not use security defaults and use conditional access instead.

If you have older PowerShell scripts, they're going to be using some of those legacy authentications, especially if you're going against Exchange.

What about printers or multifunction devices where you scan it and have the PDF emailed. They're probably using SMTP authentication.

There's a number of reasons why you might need to add those exceptions and have that support there. Especially if it's mission-critical. 

If you have Office 2013, you can enforce modern authentication, but you have to update the registry. Office 2010 does not support modern authentication. If you have users out there, or, you know, if your corporate standard is still Office 2010, you have to leave it enabled for now.

Although there might be a business reason for using Office 2010, but you can also make a security argument for why it's putting your company, your tenant, and your data at risk. 

There are a couple ways that you can check in Microsoft.  

  1. Go to Azure Active Directory
  2. Sign-ins > legacy authentication clients
  3. Filter and extend the date range
  4. Provides a list of people who are logging in using one of the selected legacy authentication methods
  5. Once identified you can enable security defaults.

Another way is conditional access policies. (This does require Azure Active Directory Premium). 

Final method is per user. Where you can go in and enforce multifactor authentication at the user account level. And then the next time they log in, they have to use MFA. 

How can CoreView help? 

CoreSuite acts as a layer between IT administrators and Microsoft 365. We provide a single admin interface that unlocks enormous value.

We start by importing every scrap of siloed data from your M365 tenant, organizing it, and keeping it up to date. Our Hybrid connector can pull in on-premises data as well. Now everything is in one place.

CoreSuite replaces all the admin centers in Microsoft 365. This gives IT teams the power to manage M365 with more efficiency, more control, and more security.

Ready to Conquer Microsoft 365?

Request a Demo