Monitor Legacy Clients used in Your Organization to Secure your Office 365 Environment

Do all the users in your Office 365 organization updated their sign-in methods? If not, then you must act faster and update it. Using legacy app clients holds less security than apps that supports modern authentication. Thus, it may lead to data leakage in your organization. To improve security, admins should avoid legacy app usage and stay updated. So, what should be updated to elevate security? You must check the users’ authentication methods, OS versions, browser versions, whether they use any deprecated client apps, etc. Microsoft helps you to monitor all the user details to secure your organization. Here, let’s see how to find out the usage of legacy client apps in your organization.


Microsoft 365 Authentication Methods?

Microsoft supports the following two types of authentications to connect to the server.

  • Modern authentication
  • Legacy (basic) authentication

Modern authentication is more secure than legacy authentication which requires no additional verification other than a username and password to access your tenant. When concerning data security, modern authentication is preferred. Now, Microsoft has deprecated legacy authentication to restrict its usage and improve security. So, users who use the older version no longer use the app without upgrading to modern authentication. To avoid this, admins need to monitor the client apps, Outlook versions, and browser versions used by the users and update them accordingly.


How to find the users who use deprecated client apps?

Admins should track the client apps used by the users to connect O365 to find out who still uses the deprecated client apps in the organization. Then, they should migrate to modern authentication. Admins can track the client apps in the following two ways.

  • Microsoft 365 Admin Center
  • Azure Active Directory Admin Center


Tracking app clients using Admin Center

  1. Navigate to Microsoft 365 Admin Center.
  2. Click on Reports–> Usage.
  3. Under Email activity click View More.
  4. Select the Email app usage.
  5. You will get the list of client apps and versions of Outlook used by the users in your organization.


client app Admin center


Tracking app clients using Azure Active Directory

  1. Navigate to Azure Active Directory Admin Center.
  2. Select the Azure Active Directory. Select the sign-in logs.
  3. Use the Columns–>Client apps to add the client apps column.
  4. To filter deprecated protocols click Add filters–>Client App and select the deprecated protocols (Exchange ActiveSync (EAS), POP, IMAP, Remote PowerShell, Exchange Web Services (EWS), Offline Address Book (OAB), Outlook for Windows, and Mac, SMTP).
  5. Click Apply.


Client app using Azure AD


You can also monitor the browser and OS versions used in the organization by clicking Columns and adding the Operating system and Device browser column.


How to restrict users from using deprecated client apps?

Though Microsoft has deprecated the basic authentication, admins can extend the deprecation period based on their organization’s requirements. You can also block legacy client apps in the following ways.

  • Microsoft 365 Admin Center
  • Conditional access policy


Blocking Legacy apps using Microsoft 365 Admin Center

  • Open the Microsoft 365 admin center.
  • Select Setting –> Org settings.
  • Under Services –> Morden authentication. A popup appears.
  • Unselect all the basic authentication protocols and click Save.


clinet app usage setting


Blocking Legacy apps using Conditional Access Policy:

  • Navigate to Azure Active Directory Admin Center.
  • Browse to Azure Active directory–>Security–>Conditional Access.
  • Select New policy.
  • Set up a policy name. Under the Users or workload identities segment, select the users for whom you need to block legacy authentication.
  • Under the Condition category, select Client apps. Set Configure to Yes and check the Exchange ActiveSync clients and Other clients checkboxes. Then, Select Done.
  • Under Access controls–> Grant, select Block access
  • After confirming your settings set Enable Policy to
  • Click Create to enable the policy.


client app conditional access

Hope we have fulfilled your requirements regarding the client apps. Feel free to reach us in the comment section. We would be glad to assist you!