Disable POP and IMAP by Default
I'd like to be able to set that the default for IMAP and POP is disabled. From there we can turn on these features per mailbox as required.
What happened to "secure by default?" Please add the ability to block these protocols tenant-wide and then we can enable the exceptions, rather than the other way around.
I agree that these days, POP and IMAP are a security risk and as such both of these legacy protocols should be disabled by default. However, you can configure your Office 365 tenant so that any newly created mailboxes have them disabled by default. Run the following in PowerShell: get-casmailboxplan|set-casmailboxplan -popenabled $false -imapenabled $false
We just got hit with an IMAP attack which bypassed MFA. Microsoft, please disable IMAP by default!
So many features missing causing the inability to manage our Tenants. Microsoft, Listen to your Admins. If you make it easier for the few of us who are feeding back, you will make it easier for all of us!
Common guys, make this disabled by defaut
martin wüthrich commented
wow, just wow... :/
please, this should be set by default on disabled. And it should be enabled if required.
Ryan W commented
I think you can do this by modifying your mailbox plans (Set-MailboxPlan). See https://practical365.com/exchange-online/controlling-exchange-online-mailbox-features-mailbox-plans/
This "feature" is available on the on-premise version. It would be nice if there were feature parity with the on-premise Exchange.
To make this worse, it appears, although I haven't done extensive tests, that when you migrate a mailbox to O365 which has IMAP disabled, it ignores that previous setting and re-enables IMAP.. (and pop) Is anyone else seeing this behavior?
Mike Vynalek commented
This is very much a necessity for customers that need to secure devices with Exchange ActiveSync polices or Intune MDM. A user could simply connect their mobile device via POP or IMAP to skirt around the policy requirements.
Kevin Aswinanun commented
I'd like to see a feature like this or a dashboard that will allow administrators to change the default settings for various Mailbox Features items (In-Place Archive, Outlook on the web, Exchange ActiveSync, OWA for Devices, etc). This will allow quicker creation of accounts for on-boarding of new staff if there's a process to follow to take out steps that would be required if we can change the default behavior.