CA-SD02: Block legacy authentication
Introduction
Block legacy authentication endpoints that can be used to bypass multi-factor authentication.
Targets
This policy targets all accounts in the tenant.
User Impact
HIGH
Users, applications and devices that access Exchange Online with clients that do not support Modern Authentication will not be able to connect.
Before turning this setting on, we highly recommend checking your tenant to ensure that no accounts are logging in via Basic Authentication. The best way to do that is to log in to the Azure Active Directory portal and navigate to “Sign-ins”.
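An added example (not part of the original template): one way to run the same check offline over sign-in records exported as JSON, reporting which accounts would match each of this policy's two client-app conditions. It assumes the records carry the Microsoft Graph sign-in fields userPrincipalName, clientAppUsed and status.errorCode, and that only "Browser" and "Mobile Apps and Desktop clients" count as modern clients; the sample records are constructed.

```python
import json
from collections import defaultdict

# Assumption: these clientAppUsed values are modern-auth clients; any other
# non-empty value is treated as legacy authentication.
MODERN = {"Browser", "Mobile Apps and Desktop clients"}

def policy_condition(client_app):
    """Return the CA-SD02 client-app condition a sign-in would match, or None."""
    if not client_app or client_app in MODERN:
        return None
    if client_app == "Exchange ActiveSync":
        return "Exchange ActiveSync Clients"
    return "Other Clients"

def legacy_signins(records):
    """Return {upn: {(condition, protocol): [total, succeeded]}}."""
    hits = defaultdict(dict)
    for rec in records:
        app = rec.get("clientAppUsed")
        cond = policy_condition(app)
        if cond is None:
            continue
        upn = (rec.get("userPrincipalName") or "<unknown>").lower()
        tally = hits[upn].setdefault((cond, app), [0, 0])
        tally[0] += 1
        # status.errorCode == 0 marks a successful sign-in, i.e. a client
        # that really depends on legacy auth rather than a failed attempt.
        if (rec.get("status") or {}).get("errorCode") == 0:
            tally[1] += 1
    return dict(hits)

# Constructed sample records (not real tenant data).
SAMPLE = json.loads("""[
 {"userPrincipalName": "alice@contoso.example", "clientAppUsed": "Browser", "status": {"errorCode": 0}},
 {"userPrincipalName": "scanner@contoso.example", "clientAppUsed": "Authenticated SMTP", "status": {"errorCode": 0}},
 {"userPrincipalName": "Scanner@contoso.example", "clientAppUsed": "Authenticated SMTP", "status": {"errorCode": 0}},
 {"userPrincipalName": "bob@contoso.example", "clientAppUsed": "Exchange ActiveSync", "status": {"errorCode": 0}},
 {"userPrincipalName": "bob@contoso.example", "clientAppUsed": "IMAP4", "status": {"errorCode": 50126}},
 {"userPrincipalName": "carol@contoso.example", "clientAppUsed": "Mobile Apps and Desktop clients", "status": {"errorCode": 0}}
]""")

if __name__ == "__main__":
    for upn, tallies in sorted(legacy_signins(SAMPLE).items()):
        for (cond, proto), (total, ok) in sorted(tallies.items()):
            print(f"{upn}: {proto} x{total} ({ok} succeeded) -> blocked by '{cond}'")
```

Accounts with a non-zero succeeded count are the ones that will lose connectivity once the policy is enabled and need to be migrated first.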
Basics
Template Category: Identity Protection (Security Defaults)
Assignments
Users and Groups
Includes | – All Users |
Excluded | – None |
Cloud Apps or actions
Cloud Apps | – All apps |
Client Apps
Legacy Authentication Clients | – Exchange ActiveSync Clients – Other Clients |
Conditions
Access Control
Block | – All Access |