Glossary

Legacy Authentication

Old authentication protocols (basic auth POP/IMAP/SMTP, Exchange ActiveSync basic) that bypass modern security controls.

Legacy authentication in the Microsoft 365 context means the old authentication protocols that predate modern OAuth-based authentication: POP3, IMAP4, SMTP AUTH with basic credentials, MAPI over HTTP basic, Exchange ActiveSync basic, and Office 2010/2013 with legacy auth. These protocols can't enforce MFA because they only accept a username and password, so they're a bypass route around your Conditional Access policies. Microsoft has progressively disabled legacy auth for most services since 2022. A Conditional Access policy blocking legacy authentication is item one on every modern security baseline. The replacement is modern authentication (OAuth 2.0), which supports MFA, Continuous Access Evaluation (CAE), and the rest of the modern security stack.
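
Before a block policy is enforced, the sign-in logs show which accounts still authenticate over these protocols. The sketch below is an added example, not part of the original glossary entry: it triages exported sign-in records by the `clientAppUsed` field. The sample records, the `contoso.example` accounts and the helper names are constructed for illustration, and error code 50126 (invalid credentials) stands in for a failed attempt.

```python
from collections import defaultdict

# clientAppUsed values that sign-in logs report for legacy clients
# (subset covering the protocols named above; extend for your tenant).
LEGACY_CLIENT_APPS = {
    "exchange activesync", "imap4", "pop3", "authenticated smtp",
    "mapi over http", "other clients",
}

def _rec(upn, app, code):
    return {"userPrincipalName": upn, "clientAppUsed": app, "status": {"errorCode": code}}

# Constructed sample records shaped like exported sign-in log entries.
SAMPLE_SIGNINS = [
    _rec("scanner@contoso.example", "Authenticated SMTP", 0),
    _rec("scanner@contoso.example", "Authenticated SMTP", 0),
    _rec("alice@contoso.example", "Browser", 0),
    _rec("alice@contoso.example", "IMAP4", 50126),
    _rec("alice@contoso.example", "IMAP4", 50126),
    _rec("bob@contoso.example", "Exchange ActiveSync", 0),
    _rec("bob@contoso.example", "Mobile Apps and Desktop clients", 0),
    _rec("carol@contoso.example", None, 0),
]

def is_legacy(record):
    """True when the sign-in used a legacy (basic auth) client."""
    return (record.get("clientAppUsed") or "").strip().lower() in LEGACY_CLIENT_APPS

def summarize_legacy(signins):
    """Per user: legacy protocols seen plus success/failure counts."""
    summary = defaultdict(lambda: {"protocols": set(), "success": 0, "failure": 0})
    for rec in signins:
        if not is_legacy(rec):
            continue
        entry = summary[rec.get("userPrincipalName", "<unknown>").lower()]
        entry["protocols"].add(rec["clientAppUsed"])
        ok = (rec.get("status") or {}).get("errorCode") == 0  # 0 means success
        entry["success" if ok else "failure"] += 1
    return dict(summary)

def split_by_impact(summary):
    """Users with working legacy sign-ins vs. users with failed attempts only."""
    in_use = sorted(u for u, e in summary.items() if e["success"])
    failed_only = sorted(u for u, e in summary.items() if not e["success"])
    return in_use, failed_only

if __name__ == "__main__":
    in_use, failed_only = split_by_impact(summarize_legacy(SAMPLE_SIGNINS))
    print("Migrate before enforcing the block:", in_use)
    print("Legacy attempts that never succeeded:", failed_only)
```

Accounts in the first list are signing in with a password alone and will stop working once the block is enforced; accounts in the second list have no working legacy client, so blocking costs them nothing.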