Created: 1/16/23
Updated: 1/17/23
This is a guide to block legacy authentication with Exchange Online.
-
-
- Open up PowerShell
- Follow this guide to get connected to Exchange Online
-
Type this to check for other Authentication Policies:
Get-AuthenticationPolicy | Format-Table -Auto Name
-
-
- Note: if you never set up an Authentication Policy, none would appear, this is normal.
-
Create a new Authentication Policy via:
New-AuthenticationPolicy -Name “BlockBasics
To verify that all basic settings are disabled type this:
Get-AuthenticationPolicy -Identity “BlockBasics”
-
-
- Note: by default, all are disabled when the policy is created
-
To enforce this for a single user type:
Set-User -Identity someone@domain.suffix -AuthenticationPolicy BlockBasics
To enforce this for a group of users type:
Get-Mailbox -Resultsize Unlimited | Set-User -AuthenticationPolicy BlockBasics
-
-
- Note: Press “A” to confirm
-
To enforce for a group of users but exclude a user or group type:
Get-Mailbox -Resultsize Unlimited | ? {$_.displayname -notlike “John Doe*”} | Set-User -AuthenticationPolicy BlockBasics
-
-
- Note: Press “A” to confirm
- This will exclude users that are called “John Doe”
-
Something handy, to check out your AuthenticationPolicy type:
Get-AuthenticationPolicy -Identity “BlockBasics”
Note: useful Exchange 2019 Powershell commands list
Whelp this is a wrap, cheers!
-Trevor