Microsoft 365: PowerShell – How to Block legacy browser authentication to SharePoint and OneDrive

by · Published · Updated

Updating tenant setting - Block legacy browser authentication setting - Set-SPOTenant
Updating tenant setting - Block legacy browser authentication setting - Set-SPOTenant

Hi All,

Greetings for the day!!!

Today, I am sharing PowerShell CMDLET for blocking legacy browser authentication to SharePoint and OneDrive using RPS.

Details

  • Microsoft recommends that we should block authentication requests using legacy protocols that don’t support multifactor authentication.
  • Based on Microsoft’s analysis
    • more than 97 percent of credential stuffing attacks use legacy authentication
    • more than 99 percent of password spray attacks use legacy authentication protocols
  • These attacks would stop with basic authentication disabled or blocked
  • Customers without licenses can make use of security defaults to block legacy authentication.
  • We have detailed article on “Security Default“. Azure – Preparing exam SC – 300 – Identity and Access Administrator – security defaults – Part 5 https://knowledge-junction.in/2021/03/19/preparing-exam-sc-300-identity-and-access-administrator-security-defaults-part-5/

How to get whether Legacy browser authentication is enabled in my tenant

  • We will use “Get-SPOTenant” PowerShell CMDLET “
  • Once we get all the tenant settings using “Get-SPOTenant“, we will use “LegacyAuthProtocolsEnabled” property, which will return either “True” or “False
  • Return value will show whether legacy browser authentication is enabled or disabled in my tenant
  • Connect to our tenant using Connect-SPOService PowerShell CMDLET

PS C:\> Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ListAvailable

    Directory: C:\Users\u1086350\Documents\PowerShell\Modules

ModuleType Version    PreRelease Name                                PSEdition ExportedCommands
---------- -------    ---------- ----                                --------- ----------------
Binary     16.0.2612…            Microsoft.Online.SharePoint.PowerS… Desk

PS C:\> import-Module -Name  C:\Users\u1086350\Documents\PowerShell\Modules\Microsoft.Online.SharePoint.PowerShell -UseWindowsPowerShell

PS C:\> Connect-sPOService -Url https://knowledgejunction1-admin.sharepoint.com/ -Credential $cred

PS C:\> $TenantSettings = Get-SPOTenant

PS C:\> $TenantSettings.LegacyAuthProtocolsEnabled
True

PS C:\> $TenantSettings.LegacyBrowserAuthProtocolsEnabled
True

Screenshot of PowerShell command line displaying the output of 'Get-Module' and command warnings related to Microsoft.Online.SharePoint.PowerShell module.
figure: Connecting to Microsoft 365 tenant – Connect-SPOService

  • Once we connected to our tenant, next step is to get the tenant settings using Get-SPOTenant

PowerShell command output showing tenant settings, specifically highlighting legacy authentication protocol settings.
figure: Get Microsoft 365 tenant settings – Get-SPOTenant

PowerShell command output showing tenant settings with legacy authentication protocols enabled.
figure: verifying Block legacy browser authentication setting for SharePoint and OneDrive

We have detailed article to get the Microsoft 365 tenant setting. Microsoft 365: PowerShell – How to retrieve tenant settingshttps://knowledge-junction.in/2025/06/22/m365-powershell-retrieve-tenant-settings/

Next step is to update the setting to Block legacy browser authentication setting for SharePoint and OneDrive using Set-SPOTenant

PowerShell command line showing the 'Set-SPOTenant' cmdlet to disable legacy browser authentication for SharePoint.
figure: Updating tenant setting – Block legacy browser authentication setting – Set-SPOTenant

REFERENCES

Thanks for reading 🙂

Keep reading, share your thoughts, experiences. Feel free to contact us to discuss more. If you have any suggestion / feedback / doubt, you are most welcome.

Tags:

Prasham Sabadra

LIFE IS VERY BEAUTIFUL. ENJOY THE WHOLE JOURNEY :) Founder of Microsoft 365 Junction, Speaker, Author, Learner, Developer, Passionate Techie. Certified Professional Workshop Facilitator / Public Speaker. Believe in knowledge sharing. Around 20+ years of total IT experience and 17+ years of experience in SharePoint and Microsoft 365 services Please feel free me to contact for any SharePoint / Microsoft 365 queries. I am also very much interested in behavioral (life changing) sessions like motivational speeches, Success, Goal Setting, About Life, How to live Life etc. My book - Microsoft 365 Power Shell hand book for Administrators and Beginners and 100 Power Shell Interview Questions - https://www.amazon.in/Microsoft-Administrators-Beginners-Interview-Questions/dp/9394901639/ref=tmm_pap_swatch_0?_encoding=UTF8&qid=1679029081&sr=8-11

You may also like...

1 Response

  1. Microsoft 365 – MAJOR UPDATE : Secure by Default Settings Changes | Microsoft 365
    June 24, 2025

    […] Microsoft 365: PowerShell – How to Block legacy browser authentication to SharePoint and OneDrive – https://microsoft365junction.com/2025/06/22/m365-ps-block-legacy-browser-authentication-to-spo-onedr… […]

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from Microsoft 365

Subscribe now to keep reading and get access to the full archive.

Continue reading