Should I have MFA setup on a no-reply mailbox?

No-reply mailboxes are used for outbound-only communication such as notifications and automated messages; recipients are not expected to reply to them. In Microsoft 365 they are usually configured as a shared mailbox rather than as a standalone licensed user, and other user accounts access the mailbox after authenticating with their own credentials.


Because these mailboxes are shared rather than tied to an individual user, they are often not covered by MFA. If the mailbox account is then signed into directly, or is used by an application that authenticates with a username and password (basic authentication), those sign-ins appear as legacy authentication and may trigger a Legacy Authentication ARO.


Typically, in Microsoft 365, a no-reply account is set up as a shared mailbox that is accessed by other user accounts after those users authenticate. The shared mailbox has an associated user account whose sign-in is blocked by default, and access is granted to users through delegated mailbox permissions (for example Full Access and Send As). If that is how your no-reply account is configured, the shared mailbox itself does not need MFA, as long as every account that has access to it has MFA enabled.


Additionally, Microsoft documentation regarding shared mailboxes advises against direct sign-ins to shared mailboxes: "A shared mailbox is not intended for direct sign-in by its associated user account. You should always block sign-in for the shared mailbox account and keep it blocked." This corresponds to the sign-in being blocked on the mailbox's associated user account in Microsoft Entra ID.

 

Therefore, if the no-reply account is properly configured as a shared mailbox, we recommend ensuring that sign-in to the shared mailbox account itself remains blocked and that all users with access to the mailbox have MFA enabled on their accounts.


Furthermore, if activity from the no-reply account is driven by a third-party application, it is possible that the application does not support OAuth (Open Authorization) and instead authenticates with a username and password over a legacy protocol such as SMTP AUTH, IMAP or POP, which will cause legacy authentication events to occur. If that is the case, we recommend contacting the third-party vendor about a more secure solution.
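As an added example (not from the original article), the following PowerShell audit implements the checks described above: it lists every shared mailbox, verifies that sign-in to the mailbox's own account is blocked, flags legacy protocols left enabled on it, confirms that each Full Access delegate has a second factor registered, and then searches the Microsoft Entra sign-in logs for legacy-authentication sign-ins by the no-reply account, which is what a direct sign-in or a third-party application using basic authentication would produce. It assumes the ExchangeOnlineManagement and Microsoft.Graph PowerShell modules are installed and that the operator has Exchange admin rights plus the Graph permissions requested; the address noreply@contoso.com, the -Remediate switch and the Test-MfaRegistered helper are placeholders of this example.

```powershell
# Added audit script, not part of the original article.
# Assumes the ExchangeOnlineManagement and Microsoft.Graph modules; 'noreply@contoso.com' is a placeholder.
# Reading sign-in logs through Graph requires a Microsoft Entra ID P1 or P2 licence.
param(
    [string]$NoReplyUpn  = 'noreply@contoso.com',   # placeholder: your no-reply mailbox
    [int]$LookbackDays   = 30,                      # sign-in log retention with P1/P2 is 30 days
    [switch]$Remediate                              # block sign-in / disable legacy protocols
)

Connect-ExchangeOnline
Connect-MgGraph -Scopes 'User.Read.All','UserAuthenticationMethod.Read.All','AuditLog.Read.All'

# clientAppUsed values that the Entra sign-in logs classify as legacy authentication
$LegacyClients = @('Exchange ActiveSync','IMAP4','POP3','SMTP','Authenticated SMTP','Other clients',
                   'Exchange Web Services','MAPI Over HTTP','Offline Address Book','Autodiscover',
                   'Exchange Online PowerShell')

# Registered methods that count as a second factor (password and e-mail methods do not)
$MfaMethodTypes = @('#microsoft.graph.microsoftAuthenticatorAuthenticationMethod',
                    '#microsoft.graph.phoneAuthenticationMethod',
                    '#microsoft.graph.fido2AuthenticationMethod',
                    '#microsoft.graph.softwareOathAuthenticationMethod',
                    '#microsoft.graph.windowsHelloForBusinessAuthenticationMethod')

# Helper (this example's own): does the user have at least one MFA-capable method registered?
function Test-MfaRegistered {
    param([string]$Upn)
    $methods = Get-MgUserAuthenticationMethod -UserId $Upn
    return [bool]($methods | Where-Object { $_.AdditionalProperties['@odata.type'] -in $MfaMethodTypes })
}

foreach ($mbx in Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited) {
    Write-Host "`n== $($mbx.UserPrincipalName) =="
    $account = Get-MgUser -UserId $mbx.UserPrincipalName -Property Id,UserPrincipalName,AccountEnabled

    # 1. The shared mailbox's own account should be blocked from signing in
    if ($account.AccountEnabled) {
        Write-Warning "Sign-in is NOT blocked for $($mbx.UserPrincipalName)"
        if ($Remediate) { Update-MgUser -UserId $account.Id -AccountEnabled:$false }
    } else {
        Write-Host 'Sign-in blocked: OK'
    }

    # 2. Legacy protocols are not needed on a mailbox nobody signs into directly.
    #    SmtpClientAuthenticationDisabled is $null when the mailbox inherits the org-wide setting.
    $cas = Get-CASMailbox -Identity $mbx.Identity
    if ($cas.PopEnabled -or $cas.ImapEnabled -or $cas.SmtpClientAuthenticationDisabled -ne $true) {
        Write-Warning "Legacy protocols not explicitly disabled (POP=$($cas.PopEnabled) IMAP=$($cas.ImapEnabled) SmtpClientAuthenticationDisabled=$($cas.SmtpClientAuthenticationDisabled))"
        if ($Remediate) {
            Set-CASMailbox -Identity $mbx.Identity -PopEnabled $false -ImapEnabled $false -SmtpClientAuthenticationDisabled $true
        }
    }

    # 3. Every delegate with Full Access must have a second factor registered
    $delegates = Get-MailboxPermission -Identity $mbx.Identity |
        Where-Object { $_.AccessRights -contains 'FullAccess' -and -not $_.IsInherited -and $_.User -like '*@*' }
    foreach ($d in $delegates) {
        $upn = [string]$d.User
        if (Test-MfaRegistered -Upn $upn) { Write-Host "Delegate $upn - MFA method registered" }
        else { Write-Warning "Delegate $upn has NO MFA method registered" }
    }
}

# 4. Has the no-reply account itself produced legacy-auth sign-ins (direct sign-in or a basic-auth app)?
$since   = (Get-Date).AddDays(-$LookbackDays).ToUniversalTime().ToString('yyyy-MM-ddTHH:mm:ssZ')
$signIns = Get-MgAuditLogSignIn -All -Filter "userPrincipalName eq '$NoReplyUpn' and createdDateTime ge $since"
$legacy  = @($signIns | Where-Object { $_.ClientAppUsed -in $LegacyClients })
if ($legacy.Count -gt 0) {
    Write-Warning "$($legacy.Count) legacy-authentication sign-ins for $NoReplyUpn in the last $LookbackDays days:"
    $legacy | Select-Object CreatedDateTime, ClientAppUsed, AppDisplayName, IPAddress,
        @{n='Result'; e={ if ($_.Status.ErrorCode -eq 0) { 'success' } else { "failure $($_.Status.ErrorCode)" } }} |
        Format-Table -AutoSize
} else {
    Write-Host "No legacy-authentication sign-ins for $NoReplyUpn in the last $LookbackDays days"
}
```

Run it read-only first (for example `.\Audit-NoReply.ps1 -NoReplyUpn noreply@yourdomain.com`) and only add `-Remediate` once you have confirmed that no application still depends on SMTP AUTH, IMAP or POP on the mailbox. Two caveats: a delegate having an MFA method registered is not the same as MFA being enforced, which is a matter of your Conditional Access policies or security defaults, so review those as well; and the `AppDisplayName` and `IPAddress` columns of any legacy sign-ins are what you need when you go back to a third-party vendor, since they identify which client is still using basic authentication.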
