Exchange Online protocol authentication policies control what protocols a user can connect to mailboxes with, but it would be much better if we didn’t have to worry about some old and insecure protocols. Azure Active Directory gives Office 365 tenants the chance to clamp down on IMAP4 and POP3 connections and close off some of the holes that attackers try to exploit. Microsoft says that this can lead to a 67% reduction in account compromises, so that’s a good thing.
Microsoft has released a preview of the cmdlet set to allow tenants to create and manage protocol authentication policies for Exchange Online. It’s a great chance to disable basic authentication and reduce the attack surface for password spraying.