All Tools
Live
M365 Legacy Auth Check
Probe public Microsoft 365 endpoints to detect if Basic Authentication is still accepted on Exchange Web Services, Autodiscover, ActiveSync, and OWA. Legacy auth bypasses MFA — it's the top ransomware entry point.
Probing Microsoft 365 authentication endpoints…
Get your full domain security summary emailed to you, free
We will compile your results and send a plain-English summary with next steps.
✓ Your summary is on the way. Check your inbox.
Why legacy authentication is dangerous
Legacy authentication protocols (IMAP, POP3, SMTP AUTH, Basic Auth) do not support modern MFA challenges. When enabled, attackers can use password spray attacks against these endpoints — and since MFA isn't required, stolen credentials alone grant full access to email, files, and Teams.
Microsoft recommends blocking all legacy authentication via Azure AD Conditional Access policies. This is one of the highest-impact security improvements for any M365 tenant.