Created: 1/16/23

Updated: 1/17/23

This is a guide to block legacy authentication with Exchange Online.

      1. Open up PowerShell
      2. Follow this guide to get connected to Exchange Online

Type this to check for other Authentication Policies:

Get-AuthenticationPolicy | Format-Table -Auto Name

      1. Note: if you never set up an Authentication Policy, none would appear, this is normal.

Create a new Authentication Policy via:

New-AuthenticationPolicy -Name “BlockBasics

To verify that all basic settings are disabled type this:

Get-AuthenticationPolicy -Identity “BlockBasics”

      1. Note: by default, all are disabled when the policy is created

To enforce this for a single user type:

Set-User -Identity [email protected] -AuthenticationPolicy BlockBasics

To enforce this for a group of users type:

Get-Mailbox -Resultsize Unlimited | Set-User -AuthenticationPolicy BlockBasics

      1. Note: Press “A” to confirm

To enforce for a group of users but exclude a user or group type:

Get-Mailbox -Resultsize Unlimited | ? {$_.displayname -notlike “John Doe*”} | Set-User -AuthenticationPolicy BlockBasics

      1. Note: Press “A” to confirm
      2. This will exclude users that are called “John Doe”

Something handy, to check out your AuthenticationPolicy type:

Get-AuthenticationPolicy -Identity “BlockBasics”

Note: useful Exchange 2019 Powershell commands list

Whelp this is a wrap, cheers!

-Trevor