CT · NY · NJ · Stamford HQ

Legacy authentication refers to older sign-in methods that often cannot enforce modern MFA challenges the way interactive browser/app auth can. Attackers still spray credentials against these endpoints.

Why it matters

If legacy auth is allowed, a stolen password may still work even when “MFA is on” for modern clients.

How to approach blocking it

  1. Identify which apps still use legacy protocols (mail clients, line-of-business tools)
  2. Upgrade or reconfigure those apps
  3. Block legacy auth with Conditional Access once clear

Want this applied in your tenant?

Book a free 15-minute review. We can walk your Microsoft 365 and identity posture and recommend a sensible next step—including ImpetraInsights™ when a formal baseline helps.