Skip to page content
Client Hub Tel 01892 830111

Microsoft to retire legacy authentication for Office 365

Published 20 Sep 2022

Did you know that Microsoft are retiring legacy authentication (Legacy Auth) for Office 365 starting in October 2022? Or are you wondering what Legacy Auth is? Let’s start there…

What is Legacy Auth?

Legacy Auth are authentication protocols that do not support Multi-Factor Authentication (MFA). If you’re not sure what MFA is check out our blog about choosing an MFA solution. The legacy protocols we’re talking about include:

  • POP
  • IMAP
  • MAPI

So, why are Microsoft doing this?

In a nutshell, Microsoft are doing this to step up the security of their customers, and looking at the below list you can see why:

  • More than 99% of password spray attacks use legacy authentication protocols
  • More than 97% of credential stuffing attacks use legacy authentication
  • Azure AD accounts in organisations that have disabled legacy authentication experience 67% fewer compromises than those where legacy authentication is enabled

How will this affect me?

If you’re using the latest version of Microsoft Outlook on your devices, this change wont have any affect on you individually. However, if you are using the built-in mail apps on your devices you’ll need to make a switch as soon as you can. Switching to Microsoft Outlook is the easiest option and you can follow the links below to download this on either Android or iOS. There may be other mail apps that support MFA, but we can’t recommend them (Satya’s spies are everywhere! ?).

On Samsung? This is what your in-built email app might look like. You can download Microsoft Outlook from Google Player.

On iOS? This is what your in-built email app might look like. You can download Microsoft Outlook from the App Store.

How will this affect my business?

Your business may have apps or services that use Legacy Auth. We’re currently working with our clients to identify and review these situations. In the short term whilst Microsoft is planning to introduce these changes in October, they can be rolled back temporarily until January 2023, at which point, Legacy Auth will be united with ‘old yella. So it’s very important that you start to move away from Legacy Auth as soon as you can. This will likely involve updating or replacing the apps which use them.

If you’re concerned at all about the changes regarding Legacy Auth in your business, feel free to get in touch and we’ll be happy to help.


Contact Us