Company
Date Published
Author
-
Word count
2502
Language
English
Hacker News points
None

Summary

In a detailed examination, CrowdStrike uncovers inconsistencies in Microsoft 365 Azure AD sign-in logs, which inaccurately show successful logins via legacy authentication protocols such as IMAP even though those protocols are blocked at the mailbox level. This discrepancy could mislead organizations into erroneously believing that mailbox contents have been compromised, potentially leading to significant legal and regulatory implications. CrowdStrike's proof of concept illustrates that while SMTP authentication was successful, no mail synchronization occurred, highlighting the need for accurate logging. The report advises implementing conditional access policies to block these legacy protocols and enhancing security monitoring through the MailItemsAccessed operation. With Microsoft planning to disable certain legacy authentication methods by October 2022, these recommendations are critical for reducing risks associated with outdated authentication protocols.