Hey folks,
If you’re a regular reader of this blog series, you know we’ve been advocating for admins to enable multi-factor authentication (MFA) for a while. In one of my previous posts, Your P...
Updated Jul 24, 2020
Version 13.0
Blog Post
Just curious if anyone has noticed this oddity.
We disable IMAP and POP on every mailbox within our tenant. We don't use MFA and are slowing transitioning away from legacy auth. In my report(s) I see numerous entries for authentication attempts from varying parts of the world using IMAP. I opened a support ticket with the (not so) fine folks at Azure Active Directory support and just wasted multiple days running in circles (language/comprehension disconnect). I learned merely a few hours ago, the support/ticket system is specific to "code red", "may day", "system down" triage and root cause type support and not "why does my report show me inaccurate information?" type support.
So, my question is this. If IMAP is disabled, why does my sign-ins report indicate someone from Brazil, Vietnam, etc., attempted to sign in to a licensed user's mailbox and failed due to the use of an "incorrect password"? The client app column indicates IMAP is/was used. That said, which is incorrect, the column or my concern (understanding) that IMAP isn't really disabled? Please note: Yes, IMAP is disabled on every mailbox. I am the only global admin for the tenant and I double-checked every mailbox in question before posting this. :0)