Field Effect does recommend disabling legacy authentication protocols for all users as legacy authentication protocols may be used by threat actors in an attempt to circumvent security controls such as multi-factor authentication (MFA).
As of 31 December 2022, Microsoft deprecated the use of legacy authentication protocols in Exchange Online (excluding SMTP), so you should only need to implement conditional access for SMTP if you do opt to restrict access via Exchange Online as well.
The Microsoft guide Block legacy authentication with Microsoft Entra Conditional Access can help with setting up conditional access for SMTP.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article