This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 82%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVS%3C/text%3E%3C/svg%3E)
How to check whether we should block legacy authentication in our tenant for org-wide. Also we got an security recommendation under M365 defender for secure score that we should block legacy authentication to improve secure score as we are in pure Exchange online and don't have any on-premises footprint?
use a conditional access policy: https://learn.microsoft.com/en-us/azure/active-directory/conditional-access/block-legacy-authentication
Thanks @Andy David - MVP , I am aware about creating CA policy to disable it but my query is how I can check whether we should disable it org-wide or not?
Yes, if you mean should you block it org-wide then yes. Not sure what you mean by checking it however.
I mean to say whether are there any criteria's for our tenant to check if that's meeting or not if yes then we would do it but also need to check apps are using those legacy authentication protocols and if we block then suddenly it will impact the user access and productivity. @Andy David - MVP
You can check the sign in logs: https://jussiroine.com/2021/01/discovering-and-blocking-legacy-authentication-in-your-azure-and-microsoft-365-subscriptions/ But since basic auth is already disabled in Exchange Online, you should be good. If you are requiring MFA for all your accounts, then you are arent using basic auth by definition :)
Thanks @Andy David - MVP , I will check these all the steps and sign in logs also to be sure and we can work on it.