Azure secure score block legacy authentication

SenservaPro_CL
| where ControlName_s == 'AzureSecureScoreBlockLegacyAuthentication'

name: Azure secure score block legacy authentication
relevantTechniques:
- T1212
- T1556
id: C27BB559-28C5-4924-A7DA-3BF04CD02C8F
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/SenservaPro/Analytic Rules/BlockLegacyAuthentication.yaml
requiredDataConnectors:
- dataTypes:
  - SenservaPro_CL
  connectorId: SenservaPro
version: 1.0.1
severity: High
triggerThreshold: 0
queryPeriod: 6h
entityMappings:
- fieldMappings:
  - identifier: Name
    columnName: ControlName_s
  - identifier: AadTenantId
    columnName: TenantId
  - identifier: DisplayName
    columnName: TenantDisplayName_s
  entityType: Account
- fieldMappings:
  - identifier: DistinguishedName
    columnName: Group_s
  entityType: SecurityGroup
- fieldMappings:
  - identifier: ResourceId
    columnName: SourceSystem
  entityType: AzureResource
queryFrequency: 6h
status: Available
query: |
  SenservaPro_CL
  | where ControlName_s == 'AzureSecureScoreBlockLegacyAuthentication'  
tactics:
- CredentialAccess
kind: Scheduled
description: |
  'This query searches for most compromising sign-in attempts come from legacy authentication. 
   Older office clients such as Office 2010 do not support modern authentication and use legacy protocols such as IMAP, SMTP, and POP3. 
   Legacy authentication does not support multi-factor authentication (MFA).
   Even if an MFA policy is configured in your environment, bad actors can bypass these enforcements through legacy protocols.'  
triggerOperator: gt