Starting in October 2022, Microsoft will begin deprecating legacy and basic authentication, even if it is still in use. This change was originally announced in 2019 and was planned to take place in 2020. Due to the changing business environment brought on by COVID-19, Microsoft delayed the retirement of legacy authentication protocols.
With Blumira’s new global report, “Microsoft 365: Legacy Authentication,” customers can quickly and easily detect instances of legacy authentication being used in their environments.
Legacy vs. Modern Authentication
Legacy and basic authentication rely solely on username and password, as opposed to additional forms of authentication. Legacy authentication protocols include IMAP4, POP3, EWS, EAS, and Remote PowerShell.
Systems that use legacy authentication often include document scanners, voicemail-to-email bridges, and other systems that integrate with email. For example, older versions of Cisco Unified Communications systems offer email integration and contact list integration, with no option other than legacy auth. Organizations can update firmware to get more modern support, but licensing concerns may limit access to firmware updates. Many other products like this are still in common use; they either need firmware or software updates, or simply cannot function without legacy auth.
Modern authentication, on the other hand, is any protocol that supports multi-factor authentication (MFA). This includes ADAL and OAuth. With modern authentication, users authenticate with a web dialogue belonging to your identity provider, such as Azure AD, rather than one owned by the OS or application.
Modern authentication is proven to be much more effective against threats such as ransomware. Attackers target accounts that rely on legacy authentication to Microsoft 365 10x more than those using modern authentication, an Okta report found.
Microsoft’s deprecation of legacy authentication will force organizations to adopt MFA in an effort to reduce overall risk and prevent cyberattacks.
How To Detect Legacy Authentication With Blumira
Recently, Blumira’s Incident Detection and Engineering team built a report to look for Azure Active Directory authentication events using legacy authentication protocols. All administrators should review this report on a regular basis to see which usernames are still using legacy authentication.
To access the report that we have added, simply log into Blumira (app.blumira.com) and navigate to Reporting > Report Builder. Select the menu to the right of the Submit button, and search for “legacy.” Select the Microsoft 365: Legacy Authentication option.
All Blumira customers, including Blumira Free customers, have access to this global report to detect remaining use of legacy auth in Microsoft 365. As long as Microsoft 365 logs are being sent to Blumira, and auditing is enabled in Microsoft 365, you can use this report to proactively look for legacy auth issues.
Customers of paid editions of Blumira, including MSPs with an NFR account, can also set up scheduled reports to automatically send the contents of the Legacy Authentication report.
Get Ahead Of Microsoft’s Legacy Auth Changes
Once Microsoft starts to shut off legacy authentication, components of this report will most likely break. Focus on the User column and try to associate all the logins with specific applications, devices, or cloud services.

Make a list of all the confirmed or suspected sources of these logins, and work on each item on the list. Re-run the report with a short interval (less than 7 days) and check for remaining or new legacy auth logins. Ultimately, your goal should be to have an empty report.
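The same triage can be scripted against exported Azure AD sign-in records. The following is an added example, not Blumira's report logic: it assumes records shaped like Azure AD sign-in log entries (`userPrincipalName`, `clientAppUsed`, `createdDateTime`, `ipAddress`), assumes the `clientAppUsed` values shown for the protocols named above, and uses constructed sample data.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Assumption: clientAppUsed values for the legacy protocols named in the article.
LEGACY_CLIENT_APPS = {"IMAP4", "POP3", "Exchange Web Services",
                      "Exchange ActiveSync", "Exchange Online PowerShell"}

# Constructed sample records (not real log data); IPs are documentation ranges.
SAMPLE_SIGNINS = json.loads("""[
 {"userPrincipalName": "svc-voicemail@example.com", "clientAppUsed": "Exchange Web Services", "createdDateTime": "2022-06-14T08:00:00Z", "ipAddress": "203.0.113.10"},
 {"userPrincipalName": "SVC-Voicemail@example.com", "clientAppUsed": "Exchange Web Services", "createdDateTime": "2022-06-13T08:00:00Z", "ipAddress": "203.0.113.10"},
 {"userPrincipalName": "jdoe@example.com", "clientAppUsed": "IMAP4", "createdDateTime": "2022-06-12T10:30:00Z", "ipAddress": "198.51.100.7"},
 {"userPrincipalName": "jdoe@example.com", "clientAppUsed": "Browser", "createdDateTime": "2022-06-14T09:00:00Z", "ipAddress": "198.51.100.7"},
 {"userPrincipalName": "svc-old@example.com", "clientAppUsed": "POP3", "createdDateTime": "2022-06-01T00:00:00Z", "ipAddress": "203.0.113.20"}
]""")


def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp such as 2022-06-14T08:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def legacy_worklist(signins, now, window_days=7):
    """Group legacy-auth sign-ins inside the window by (user, protocol)."""
    cutoff = now - timedelta(days=window_days)
    groups = defaultdict(lambda: {"count": 0, "ips": set(), "last_seen": None})
    for rec in signins:
        app = rec.get("clientAppUsed", "")
        seen = parse_ts(rec["createdDateTime"])
        if app not in LEGACY_CLIENT_APPS or seen < cutoff:
            continue  # modern auth, or older than the re-run interval
        # UPNs are case-insensitive, so normalise before grouping.
        entry = groups[(rec["userPrincipalName"].lower(), app)]
        entry["count"] += 1
        entry["ips"].add(rec.get("ipAddress", "unknown"))
        if entry["last_seen"] is None or seen > entry["last_seen"]:
            entry["last_seen"] = seen
    rows = [{"user": user, "protocol": app, "count": e["count"],
             "ips": sorted(e["ips"]), "last_seen": e["last_seen"].isoformat()}
            for (user, app), e in groups.items()]
    # Busiest sources first: these are usually devices or service accounts.
    rows.sort(key=lambda r: (-r["count"], r["user"], r["protocol"]))
    return rows


if __name__ == "__main__":
    for row in legacy_worklist(SAMPLE_SIGNINS, datetime(2022, 6, 15, tzinfo=timezone.utc)):
        print(row)
```

An empty list from `legacy_worklist` corresponds to the empty report the procedure aims for; the source IPs help tie a service account back to a specific device or office.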
Now is the time to start working on this, so you have time to gracefully fix these issues before October comes and things just break. Speaking from (lots of) experience, some of the things you will find are not easy fixes. There are still a lot of hardware and software products out there that only work with legacy auth. With a few months’ head start, MSPs can have these discussions with their customers and help them get a plan in place to continue to function without legacy auth.
Chris Furner
Chris joined Blumira after spending more than 7 years at Worksighted, an 85-employee MSP. As a security engineer and consultant, Chris spent several years building security programs for customers, analyzing threats and performing incident response. In the process, he developed a deep understanding of the unique needs...