CA-SD02: Block legacy authentication


Block legacy authentication endpoints that can be used to bypass multi-factor authentication.


This policy targets all accounts in the tenant.

User Impact


Users, applications and devices that access Exchange Online with clients that do not support Modern Authentication will not be able to connect.

Before turning this setting on, we highly recommend that you check your tenant to ensure no accounts are signing in via Basic Authentication. The best way to do that is to sign in to the Azure Active Directory portal and navigate to “Sign-ins”.


Template Category: Identity Protection (Security Defaults)


Users and Groups

Included – All Users
Excluded – None

Cloud Apps or actions

Cloud Apps – All apps

Client Apps

Legacy Authentication Clients – Exchange ActiveSync Clients
Legacy Authentication Clients – Other Clients


Access Control

Block – All Access
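
The pre-check recommended above and the policy settings listed here, as an added Microsoft Graph PowerShell example (not part of the original template documentation). It assumes the Microsoft Graph PowerShell SDK is installed; the seven-day look-back window and the report-only state are choices made for this example, not settings taken from the template.

```powershell
# Added example. Requires the Microsoft Graph PowerShell SDK (Microsoft.Graph module).
Connect-MgGraph -Scopes 'AuditLog.Read.All', 'Directory.Read.All',
                        'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess'

# "Client app" values the sign-in log reports for legacy (Basic) authentication.
$legacyClients = @(
    'Exchange ActiveSync', 'Authenticated SMTP', 'Autodiscover',
    'Exchange Online PowerShell', 'Exchange Web Services', 'IMAP4',
    'MAPI Over HTTP', 'Offline Address Book', 'Outlook Anywhere (RPC over HTTP)',
    'POP3', 'Reporting Web Services', 'Other clients'
)

# 1. Pre-check: which accounts used a legacy client recently?
#    The 7-day window is an assumption; widen it to cover monthly jobs and scanners.
#    Also review the non-interactive sign-ins in the portal.
$since = (Get-Date).ToUniversalTime().AddDays(-7).ToString('yyyy-MM-ddTHH:mm:ssZ')
$legacySignIns = Get-MgAuditLogSignIn -Filter "createdDateTime ge $since" -All |
    Where-Object { $_.ClientAppUsed -in $legacyClients }   # -in is case-insensitive

$legacySignIns |
    Group-Object UserPrincipalName, ClientAppUsed, AppDisplayName |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

if ($legacySignIns) {
    Write-Warning 'Legacy authentication is still in use; these accounts lose access once the policy is enforced.'
}

# 2. The policy itself, one property per setting in this template.
$policy = @{
    displayName = 'CA-SD02: Block legacy authentication'
    # Assumption: start in report-only mode; change to 'enabled' to enforce.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users          = @{ includeUsers = @('All') }                # Users and Groups: All Users, no exclusions
        applications   = @{ includeApplications = @('All') }         # Cloud Apps: All apps
        clientAppTypes = @('exchangeActiveSync', 'other')            # Exchange ActiveSync Clients, Other Clients
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('block')                                 # Access Control: Block
    }
}

New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
```

With no exclusions, an enforced policy also blocks any break-glass or service account that still relies on Basic Authentication, so the pre-check output should be empty before the state is changed to `enabled`.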
