Best Practice & Roll Out
POP3: Disabled (for Default Group)
Roll-Out
Some steps to consider:
Consult with the client on the security risks and need for POP3 and your intention to turn it off (see communication below)
Create groups on each tenant to manage the override for users who absolutely require POP3, while ensuring they understand the security risks involved.
Instruct the client to place specific users or groups into the POP3 override group and ensure that only those who need it are granted access.
Use the Account Management section of the dashboard to allocate users into groups based on security needs and monitor their usage of POP3 versus more secure protocols.
Implement robust authentication methods like multi-factor authentication (MFA) to mitigate risks.
Train Level 1 MSP support teams on the security risks of POP3. Note that the result may be clients with very old applications may lose connectivity
Client Communication
The following communication could be sent to the client to inform them of the baseline roll-out and likely repercussions if any