Disable Legacy Email Protocols (POP, IMAP) – Default Setting for New Mailboxes

Introduction

The legacy email protocols POP and IMAP are prone to brute-force password spray attacks, which may succeed in breaching the tenant’s mailboxes.

To protect against this, we recommend that you disable legacy email protocols for all new mailboxes.

This setting should be applied in conjunction with Disable SMTP Authentication for Exchange Online – Tenant Wide Setting.

License Requirement

Any Exchange Online plan

User Impact

Low User Impact
New mailboxes will have the POP and IMAP protocols disabled. Any attempt to connect to such a mailbox using POP or IMAP will be blocked.

Admin Portal Reference

This setting is switched on via PowerShell. The following cmdlets are run on the tenant’s Exchange Online.

Get-CASMailboxPlan -Filter { ImapEnabled -eq "true" -or PopEnabled -eq "true" } | Set-CASMailboxPlan -ImapEnabled $false -PopEnabled $false

If Action is set to Notify

We report the setting is compliant if all CASMailboxPlans (each Exchange Online SKU has its own plan) have their ImapEnabled and PopEnabled attributes set to $false.

We report the setting is non-compliant if any of the CASMailboxPlans (each Exchange Online SKU has its own plan) have their ImapEnabled and PopEnabled attributes set to $true.

If Action is set to Enforce

We report the setting is compliant if all CASMailboxPlans (each Exchange Online SKU has its own plan) have their ImapEnabled and PopEnabled attributes set to $false.

We report the setting is compliant-fixed if any of the CASMailboxPlans (each Exchange Online SKU has its own plan) had their ImapEnabled and PopEnabled attributes set to $true and MSPMagic has updated them to $false.
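
A read-only version of the Notify evaluation described above, added here as an example (it is not MSPMagic's own code). The function name `Test-CasPlanLegacyProtocols` and the sample plan names are hypothetical, and it assumes a plan counts as non-compliant when either protocol is enabled, matching the `-or` in the cmdlet filter.

```powershell
# Added example: evaluate CAS mailbox plans without changing them.
function Test-CasPlanLegacyProtocols {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$Plan
    )
    begin { $rows = @() }
    process {
        foreach ($p in $Plan) {
            # Record which legacy protocols are still on for this plan.
            $enabled = @()
            if ($p.ImapEnabled) { $enabled += 'IMAP' }
            if ($p.PopEnabled)  { $enabled += 'POP' }
            $rows += [pscustomobject]@{
                Plan      = $p.Name
                Enabled   = $enabled -join ','
                Compliant = ($enabled.Count -eq 0)
            }
        }
    }
    end {
        # Assumption: one plan with either protocol enabled fails the whole tenant.
        [pscustomobject]@{
            Status = if ($rows.Compliant -contains $false) { 'non-compliant' } else { 'compliant' }
            Plans  = $rows
        }
    }
}

# Constructed sample input (plan names are made up) so the function runs offline.
$sample = @(
    [pscustomobject]@{ Name = 'SamplePlanA'; ImapEnabled = $false; PopEnabled = $false }
    [pscustomobject]@{ Name = 'SamplePlanB'; ImapEnabled = $true;  PopEnabled = $false }
)
$result = $sample | Test-CasPlanLegacyProtocols
$result.Status
$result.Plans | Format-Table -AutoSize

# Against a live tenant (requires a connected Exchange Online PowerShell session):
#   Get-CASMailboxPlan | Test-CasPlanLegacyProtocols
# The plans only set defaults for new mailboxes; existing mailboxes can be listed with:
#   Get-CASMailbox -ResultSize Unlimited | Where-Object { $_.ImapEnabled -or $_.PopEnabled }
```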
