Internet Message Access Protocol (IMAP), Simple Mail Transfer Protocol (SMTP), EWS and Post Office Protocol (POP) are no longer supported at Harrisburg University. Applications using these protocols may experience connectivity issues. It is recommended you switch to one of the provided methods of connectivity listed at the end of this article.
Additional context for the security justification:
Abuse of the email service by compromised credentials is a very large and growing issue. These credentials are used to access mailboxes, send out phishing to other people, and potentially exfiltrate sensitive email messages.
- Disabling unnecessary protocol access to accounts makes it more difficult for malicious actors to automatically test the validity of passwords obtained from phishing and 3rd party password database dumps.
- Reducing the number of protocols that can be used to export data from a mailbox will help reduce the risk of data exfiltration due to abuse via compromised credentials.
- If (and when) Multi-Factor Authentication (MFA) is available and enabled for an account, disabling these non-legacy protocols is a way to ensure that malicious actors can’t bypass MFA by using a legacy protocol that isn’t compatible with MFA.
Even though Microsoft provides you with the ability to connect to your Office 365 account using a wide variety of clients/protocols, for the best experience and complete support, Microsoft recommends connecting through one of the following ways: