Okta MFA O365 Email – Do Not Use Basic Auth

Basic Auth – requires only username/password and not compatible with 2-step authentication  (LEGACY – Bypasses MFA requirements)

While implementing Okta MFA for O365 you’ll come across the option to enable/disable Basic Auth. You’ll want this disabled but you might have end users who can’t do Modern Auth because they are using legacy apps or some other reason. It’s best to get these users on apps that support Modern Auth as soon as possible since this leaves your environment vulnerable.

Below you can see POP/IMAP does not support Modern Auth:
okta-modernauth-proto.PNG

Below are email clients that support Modern Auth:
okta-modernauth-clients1.PNG

Below are email clients NOT supported for Modern Auth:
okta-modernauth-clients2.PNG

Below are email client versions that were tested and verified by Okta:
okta-modernauth-clients3.PNG

Source: https://www.okta.com/resources/whitepaper/securing-office-365-with-okta

NOTE:
Apple’s native Mail app on iOS 11.x+ does support Modern Auth.