Exchange Online: Enabling Modern Authentication vs disabling legacy authentication

[harbulot]

This is feedback (and a couple of questions) on the following page and the text contained in the Admin portal it refers to: https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/enable-or-disable-modern-authentication-in-exchange-online

(This is also partly related to the confusing between Legacy Authentication and Legacy Protocols as mentioned in #88056 and #50396.)

It is not clear whether enabling Modern Authentication also disables Legacy Authentication for these protocols. Logically speaking, one does not imply the other.

It seems Legacy Authentication is now fully disabled anyway for Exchange Online. Is that correct?

If not, can both modern and legacy authentication be enabled at the same time? If so, how to make sure only modern authentication is enabled?

Regarding the text in the Microsoft 365 admin center portal (mentioned at the bottom of the documentation page):

In the Microsoft 365 admin center, go to Settings > Org Settings > Modern Authentication. In the Modern authentication flyout that appears, click to enable or disable Turn on modern authentication for Outlook 2013 for Windows and later (recommended).

It says "Before you turn off basic authentication for protocols, view your sign-in reports in the ‎Azure‎ portal to make sure people in your organization aren’t using them.".

What does that mean with respect to the following tick box ("Authenticated SMTP"). Does ticking this box:

• Enable Modern and Legacy Authentication for SMTP?
• Enable Legacy authentication (but disables Modern auth) for SMTP?

If Legacy Authentication is turned off altogether anyway. What is the point of having this box?

[AjayBathini-MSFT]

@harbulot Thanks for your feedback! I've assigned this issue to the author who will investigate and update as appropriate.