Support Center

Login  Sign up

Block Legacy Authentication Alert

What are Blocked Legacy Authentication alerts

Block Legacy Authentication alerts monitor for degradation in an M365 environment's Legacy Authentications posture.

Why should I monitor Blocked Legacy Authentications

Legacy Authentication services allow accounts to completely bypass the additional security added by MFA, since these services do not understand MFA protocols.  As such, this creates a vulnerability for these accounts, since  99.9% of cyberattacks can be prevented simply by enabling MFA, as per Microsoft.  Ensuring users can't use legacy authentication protocols doesn't allow hackers to undermine your MFA posture.

Alert Logic

Hardcoded logic based on the following:

  • Logic is not evaluated at the time the integration/feature enablement.  We don't want to hammer your inbox with notifications for nothing
  • Daily comparisons evaluated(previous days record at scan time vs new record at scan time)
  • For a given user, alert is sent if a previous days record was compliant (Legacy Authentications were disabled) and the new record is non-compliant (Legacy Authentications are enabled). 
  • When a new user is added to the environment without Legacy Authentication being blocked, a notification will not be generated, as that is their baseline state.  This avoids unnecessary notifications for things like Service Accounts.

Email Notification Layout

Subject; Block Legacy Authentication Enabled Alert for <company name>

Tenant: <company name>

Discovered on: yyyy-mm-dd


Legacy Authentication was previously blocked, and is now enabled for the below account(s).




Name: <user1>

Email: <email1>

Previous State: Enabled (yyyy-mm-dd)

Current State: Disabled (yyyy-mm-dd)


Name: <user2>

Email: <email2>

Previous State: Enabled (yyyy-mm-dd)

Current State: Disabled (yyyy-mm-dd)



Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.