Best Practice & Roll Out
IMAP: Disabled (for Default Group)
Roll-Out
Some steps to consider when managing IMAP within your Microsoft 365 environment:
Consult with the client to assess the need for IMAP usage and discuss potential security risks.
Migrate users to more secure email protocols like Exchange ActiveSync or Microsoft Exchange wherever possible.
Create groups within each tenant to manage users who require IMAP access and ensure they understand the security implications of using this protocol.
Restrict IMAP access by placing users who absolutely need it into specific security groups and enforcing MFA and strong password policies for them.
Enable strong authentication methods, including MFA, to reduce the risk of unauthorized access.
Train support teams on the risks associated with IMAP, including how to handle requests to enable it and how to troubleshoot issues by identifying old applications and the alternative applications the client can use in their place. If an override is required, allow your L1s to make that approved decision to grant an exception.
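One way to apply the steps above per tenant, as an added example that is not part of the original page: report (and with -Apply, disable) IMAP for every mailbox outside an approved exception group, and turn it off in the mailbox plans so new mailboxes start with IMAP disabled. It assumes the ExchangeOnlineManagement module and a mail-enabled security group; the group name "IMAP-Exceptions" and the -Apply switch are hypothetical.

```powershell
#Requires -Modules ExchangeOnlineManagement
# Added example: enforce "IMAP disabled unless in the exception group".
param(
    [string]$ExceptionGroup = 'IMAP-Exceptions',  # hypothetical group name (assumption)
    [switch]$Apply                                 # without -Apply the script only reports
)

Connect-ExchangeOnline -ShowBanner:$false

# Approved users: direct members of the exception group, keyed by SMTP address.
# Nested groups are not expanded here.
$approved = @{}
Get-DistributionGroupMember -Identity $ExceptionGroup -ResultSize Unlimited |
    Where-Object { $_.PrimarySmtpAddress } |
    ForEach-Object { $approved["$($_.PrimarySmtpAddress)".ToLower()] = $true }

# Default for new mailboxes: IMAP off in every mailbox plan.
Get-CASMailboxPlan | Where-Object { $_.ImapEnabled } | ForEach-Object {
    Write-Output "Mailbox plan '$($_.Name)' still enables IMAP by default"
    if ($Apply) { Set-CASMailboxPlan -Identity $_.Name -ImapEnabled $false }
}

# Existing mailboxes: anyone with IMAP on who is not in the group is a finding.
$findings = foreach ($mbx in Get-CASMailbox -ResultSize Unlimited) {
    $smtp = "$($mbx.PrimarySmtpAddress)".ToLower()
    if ($mbx.ImapEnabled -and -not $approved.ContainsKey($smtp)) {
        if ($Apply) { Set-CASMailbox -Identity $smtp -ImapEnabled $false }
        [pscustomobject]@{
            Mailbox  = $smtp
            Action   = if ($Apply) { 'IMAP disabled' } else { 'Would disable IMAP' }
        }
    }
}

# Approved users are listed so MFA and password policy can be checked for them.
Write-Output "Approved IMAP users: $($approved.Count)"
$approved.Keys | Sort-Object
$findings | Sort-Object Mailbox | Format-Table -AutoSize

Disconnect-ExchangeOnline -Confirm:$false
```

Run it without -Apply first and review the findings with the client before disabling anything.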