Secure Score How-To Demo

How to Block Legacy Authentication in Microsoft 365

Last updated: March 2026

A clean, search-friendly page for a /secure-score/ cluster. It answers the task quickly, explains why the setting matters, and stays light enough to match informational intent.

This is a how-to page first. The CTA stays soft, the structure stays clean, and the cluster links do the heavy lifting.

What you'll achieve

  • Safer sign-ins: Reduce exposure from outdated authentication methods.
  • Better control: Strengthen Conditional Access and identity protection posture.
  • Score uplift: Support Microsoft Secure Score improvement with a clear action path.

Why this setting matters

Legacy authentication is one of those quiet problems. Nothing looks obviously broken, but older protocols can bypass the modern controls you actually want protecting Microsoft 365, Microsoft Entra ID, Exchange Online, and broader identity workflows.

  • It can weaken MFA enforcement.
  • It increases account compromise risk.
  • It is commonly tied to Secure Score uplift opportunities.

Blocking legacy authentication is one of the most common Secure Score improvement actions because it removes older access paths that attackers love abusing.

Before you start

  • Admin access to Microsoft 365 or Microsoft Entra.
  • Access to Microsoft Entra sign-in logs.
  • Conditional Access available in the tenant.
  • Awareness of any older apps, devices, scripts, or printers that still depend on outdated protocols.

Step-by-step

Use these five steps to review, block, test, and confirm the change properly.

1. Review sign-in methods

Start with Microsoft Entra sign-in logs to see whether legacy authentication is still showing up in the tenant. This gives you evidence before you touch policy.

2. Identify impacted users

Check which users, apps, or devices still rely on those older protocols. This is the bit that saves you from breaking something quietly sitting in the corner of the business.

3. Create Conditional Access policy

Create a Conditional Access policy that blocks legacy authentication while allowing modern authentication to continue as normal. Keep the rule easy to audit later.

4. Test rollout

Validate policy impact before broad enforcement. Check for expected blocks, confirm exceptions only where necessary, and avoid turning temporary workarounds into a permanent mess.

5. Monitor and refine

Review logs after deployment and track whether the recommendation is now addressed in your Secure Score improvement workflow. Tidy exclusions once confidence is high.

How to confirm it worked

  • Review Microsoft Entra sign-in logs after rollout.
  • Check whether legacy sign-in attempts are being blocked.
  • Confirm older apps were either replaced, updated, or intentionally exempted.
  • Track whether the recommendation is now resolved in your Secure Score action list.
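
An added example, not part of the original page: a Python script that summarises legacy-protocol sign-ins per user and client app from exported Entra sign-in records, for the dependency review in steps 1 and 2 and for the checks listed above. It assumes the export uses the Microsoft Graph signIn field names (userPrincipalName, clientAppUsed, status.errorCode) and that the client app names match the legacy entries in the portal's client app filter; the sample records and contoso.example addresses are constructed.

```python
import json
from collections import defaultdict

# Assumed clientAppUsed values for legacy authentication clients, stored
# lower-case because the export's casing is not guaranteed.
LEGACY_CLIENT_APPS = {name.casefold() for name in (
    "Authenticated SMTP", "Autodiscover", "Exchange ActiveSync",
    "Exchange Online PowerShell", "Exchange Web Services", "IMAP4",
    "MAPI over HTTP", "Offline Address Book", "Other clients",
    "Outlook Anywhere (RPC over HTTP)", "POP3", "Reporting Web Services",
)}
CA_BLOCKED = 53003  # error code logged when Conditional Access blocks a sign-in


def legacy_usage(records):
    """Group legacy sign-ins by (user, client app) and count each outcome."""
    usage = defaultdict(lambda: {"succeeded": 0, "blocked_by_ca": 0, "failed_other": 0})
    for rec in records:
        client = rec.get("clientAppUsed") or ""
        if client.casefold() not in LEGACY_CLIENT_APPS:
            continue  # "Browser" and "Mobile Apps and Desktop clients" are modern auth
        code = (rec.get("status") or {}).get("errorCode", 0)
        outcome = ("succeeded" if code == 0
                   else "blocked_by_ca" if code == CA_BLOCKED else "failed_other")
        usage[(rec.get("userPrincipalName", "unknown"), client)][outcome] += 1
    return dict(usage)


def still_getting_through(usage):
    """After enforcement, any legacy sign-in that still succeeds needs follow-up."""
    return sorted(key for key, counts in usage.items() if counts["succeeded"])


# Constructed sample records (not real tenant data).
SAMPLE = json.loads("""[
 {"userPrincipalName": "scanner@contoso.example", "clientAppUsed": "Authenticated SMTP", "status": {"errorCode": 0}},
 {"userPrincipalName": "scanner@contoso.example", "clientAppUsed": "Authenticated SMTP", "status": {"errorCode": 0}},
 {"userPrincipalName": "alex@contoso.example", "clientAppUsed": "IMAP4", "status": {"errorCode": 53003}},
 {"userPrincipalName": "alex@contoso.example", "clientAppUsed": "Browser", "status": {"errorCode": 0}},
 {"userPrincipalName": "sam@contoso.example", "clientAppUsed": "POP3", "status": {"errorCode": 50126}}
]""")

if __name__ == "__main__":
    usage = legacy_usage(SAMPLE)
    for (user, client), counts in sorted(usage.items()):
        print(f"{user:28} {client:20} {counts}")
    print("Still succeeding:", still_getting_through(usage))
```

Run it on an export taken before the policy exists to build the exception list, then again after enforcement: the second run should show legacy rows only under blocked_by_ca, apart from intentional exemptions.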

Related Secure Score fixes

These links help the cluster make sense to both users and search engines.

  • Enable MFA for admin roles
  • Block email forwarding
  • Create an anti-phishing policy
  • View all Secure Score fixes

FAQ

What is legacy authentication?

Legacy authentication refers to older sign-in methods that do not properly support MFA or Conditional Access.

Why block legacy authentication?

Because attackers often target weaker protocols. Blocking them reduces avoidable risk and supports Microsoft Secure Score improvement.

Will this break anything?

It can affect older apps or devices that still rely on outdated protocols, which is why dependency review should come first.

Will this improve Secure Score?

Yes, blocking legacy authentication is a common recommendation that helps strengthen identity security and contributes to Secure Score improvements.

Where do I check legacy authentication usage?

You can review Microsoft Entra sign-in logs to identify authentication methods and detect legacy protocol usage.

Need help reviewing your Microsoft 365 security?

Keep the article educational, then offer one clean next step for businesses that want help prioritising their Secure Score recommendations.