Most businesses assume that using Microsoft 365 and Entra ID (formerly Azure AD) means they’re secure by default.
Unfortunately, that’s not the case—especially if legacy authentication protocols are still enabled. Attackers are increasingly exploiting these outdated methods to bypass modern defenses like MFA and conditional access.
Legacy authentication includes older protocols like POP, IMAP, and SMTP, which rely on basic username-and-password authentication and don’t support modern security features. Even if you’ve rolled out MFA across your org, these loopholes can still allow credential-based attacks if they are not explicitly blocked. Worse, many tenants don’t realize legacy auth is still active until it’s too late.
Microsoft has been phasing out support for these protocols, but they may still be turned on in your tenant—especially if you migrated to Microsoft 365 years ago. Disabling legacy authentication should be a top priority for any business using Entra ID.
For a deeper dive into how these attacks work and what you can do to shut them down, check out this post from Guardz.
🔐 What to Do Next:
- Check your Entra ID tenant for legacy auth protocols (POP, IMAP, SMTP, etc.)
- Disable unused protocols at the tenant level—don’t rely on user settings
- Create a Conditional Access policy to block legacy authentication globally
- Audit sign-in logs for legacy protocol use (you might be surprised)
- Ensure all users are fully enrolled in MFA and Conditional Access policies
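The audit, Conditional Access and protocol-disable steps above, as an added PowerShell example (not code from the original post or from Guardz). It assumes the Microsoft Graph PowerShell SDK and the Exchange Online Management module are installed and that you hold the listed Graph scopes; the break-glass account ID is a placeholder.

```powershell
# Added example (not from the original post): audit legacy-protocol sign-ins,
# stage a Conditional Access block in report-only mode, then turn the protocols
# off in Exchange Online so nothing depends on per-user settings.
Connect-MgGraph -Scopes "AuditLog.Read.All","Directory.Read.All","Policy.ReadWrite.ConditionalAccess"

# 1. Audit: pull recent sign-ins and keep only those from legacy clients.
#    "Browser" and "Mobile Apps and Desktop clients" are the modern client types;
#    everything else (IMAP4, POP3, Authenticated SMTP, Exchange ActiveSync, ...) is legacy.
$modernClients = @("Browser", "Mobile Apps and Desktop clients")
$since = (Get-Date).AddDays(-7).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")
$legacySignIns = Get-MgAuditLogSignIn -All -Filter "createdDateTime ge $since" |
    Where-Object { $_.ClientAppUsed -notin $modernClients }

# Summarise who is still using which protocol, so clients can be fixed before enforcing.
$legacySignIns |
    Group-Object UserPrincipalName, ClientAppUsed |
    Select-Object Count, Name |
    Sort-Object Count -Descending |
    Format-Table -AutoSize

# 2. Conditional Access: block legacy auth tenant-wide, starting in report-only mode.
#    "<BREAK-GLASS-ACCOUNT-OBJECT-ID>" is a placeholder for your emergency-access account.
$policy = @{
    displayName   = "Block legacy authentication"
    state         = "enabledForReportingButNotEnforced"   # switch to "enabled" after review
    conditions    = @{
        clientAppTypes = @("exchangeActiveSync", "other")  # "other" = all legacy clients
        applications   = @{ includeApplications = @("All") }
        users          = @{
            includeUsers = @("All")
            excludeUsers = @("<BREAK-GLASS-ACCOUNT-OBJECT-ID>")
        }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("block") }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# 3. Exchange Online: disable the protocols at the service level as well.
Connect-ExchangeOnline
Set-TransportConfig -SmtpClientAuthenticationDisabled $true                      # tenant-wide SMTP AUTH off
Get-CASMailboxPlan | Set-CASMailboxPlan -PopEnabled $false -ImapEnabled $false   # new mailboxes
Get-CASMailbox -ResultSize Unlimited |
    Set-CASMailbox -PopEnabled $false -ImapEnabled $false                          # existing mailboxes
```

Review the report-only sign-in results for a few days and move any remaining legacy clients to modern authentication before changing the policy state to enabled.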