{"id":260,"date":"2022-01-13T17:39:11","date_gmt":"2022-01-13T15:39:11","guid":{"rendered":"https:\/\/greg.klonis.gr\/?p=260"},"modified":"2022-01-13T17:39:12","modified_gmt":"2022-01-13T15:39:12","slug":"how-to-block-legacy-authentication-protocols-using-azure-ad-conditional-access-policy","status":"publish","type":"post","link":"https:\/\/greg.klonis.gr\/index.php\/how-to-block-legacy-authentication-protocols-using-azure-ad-conditional-access-policy","title":{"rendered":"How to block legacy authentication protocols using Azure AD Conditional Access policy"},"content":{"rendered":"\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"181\" height=\"171\" src=\"https:\/\/greg.klonis.gr\/wp-content\/uploads\/2022\/01\/image.png\" alt=\"\" class=\"wp-image-261\"\/><\/figure>\n\n\n\n<p>While I was working with a customer and this was one of their needs, I decided to blog on how I deployed it.<\/p>\n\n\n\n<p class=\"has-medium-font-size\"><strong>First, what&#8217;s legacy authentication and why do I need to block these protocols?<\/strong><\/p>\n\n\n\n<p>Legacy authentication is a term that refers to an authentication request made by:<\/p>\n\n\n\n<p>Older Office clients that do not use modern authentication (for example, Office 2010 client)<br>Any client that uses legacy mail protocols such as IMAP\/SMTP\/POP3.<\/p>\n\n\n\n<!--more-->\n\n\n\n<p>Today, the majority of all compromising sign-in attempts come from legacy authentication. Legacy authentication does not support multi-factor authentication (MFA). Even if you have an MFA policy enabled on your directory, a bad actor can authenticate using a legacy protocol and bypass MFA. 
The best way to protect your account from malicious authentication requests made by legacy protocols is to block these attempts altogether.<\/p>\n\n\n\n<p class=\"has-medium-font-size\"><strong>How to block legacy authentication?<\/strong><\/p>\n\n\n\n<p>By using a Conditional Access policy, we can block all sign-ins utilizing legacy authentication protocols.<\/p>\n\n\n\n<p>Now I will show you the steps that I took to successfully implement a Conditional Access policy blocking legacy authentication with no impact on users or services.<\/p>\n\n\n\n<p>I went to the Azure AD Portal and clicked Security -> Conditional Access, then clicked + New policy -> Create new policy from template. I then chose the following options:<\/p>\n\n\n\n<p>Select a template category: <strong>Identities<\/strong><br>Select template: <strong>Block legacy authentication<\/strong><br>Policy state: <strong>Off<\/strong><\/p>\n\n\n\n<p>Once the Conditional Access policy was deployed I opened it and verified the configuration. I confirmed that the policy will only impact legacy authentication for users in scope, and block matching sign-ins once the policy is enabled:<\/p>\n\n\n\n<p>Assignments: <strong>All users included and specific users excluded (my admin account is excluded)<\/strong><br>Cloud apps or actions: <strong>All cloud apps<\/strong><br>Conditions: <strong>1 condition selected (Client apps: Exchange ActiveSync clients, Other Clients)<\/strong><br>Grant: <strong>Block access<\/strong><\/p>\n\n\n\n<p>Since I was sure that everything was correct, I just enabled the policy. In order to test it, I opened the sign-in blade and checked the logs.<\/p>\n\n\n\n<p>I hope you find this useful!<\/p>\n\n\n\n<p>Thanks, Greg!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>While I was working with a customer and this was one of their needs, I decided to blog on how I deployed it. First, what&#8217;s legacy authentication and why do I need to block these protocols? 
Legacy authentication is a term that refers to an authentication request made by: Older Office clients that do not use &hellip; <a href=\"https:\/\/greg.klonis.gr\/index.php\/how-to-block-legacy-authentication-protocols-using-azure-ad-conditional-access-policy\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;How to block legacy authentication protocols using Azure AD Conditional Access policy&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[49],"tags":[22,52,26],"class_list":["post-260","post","type-post","status-publish","format-standard","hentry","category-microsoft-azure-cloud","tag-azure","tag-azure-ad","tag-security"],"_links":{"self":[{"href":"https:\/\/greg.klonis.gr\/index.php\/wp-json\/wp\/v2\/posts\/260","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/greg.klonis.gr\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/greg.klonis.gr\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/greg.klonis.gr\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/greg.klonis.gr\/index.php\/wp-json\/wp\/v2\/comments?post=260"}],"version-history":[{"count":1,"href":"https:\/\/greg.klonis.gr\/index.php\/wp-json\/wp\/v2\/posts\/260\/revisions"}],"predecessor-version":[{"id":262,"href":"https:\/\/greg.klonis.gr\/index.php\/wp-json\/wp\/v2\/posts\/260\/revisions\/262"}],"wp:attachment":[{"href":"https:\/\/greg.klonis.gr\/index.php\/wp-json\/wp\/v2\/media?parent=260"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/greg.klonis.gr\/index.php\/wp-json\/wp\/v2\/categories?post=260"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/greg.klonis.gr\/index.php\/wp-json\/wp\/v2\/tags?post=260"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}