Recently saw this article mention IMAP attacks against Office365 mailboxes due to IMAP bypassing MFA rules:
My suggestion is to bulk disable IMAP and POP of your organization doesn’t use them. You can use Powershell to disable these protocols en-bulk in seconds, however if your firm is larger, make sure those protocols aren’t in use first by various systems, especially IMAP.
You may also want to look at Activesync and OWA as well, not every mailbox likely needs those as well, especially system mailboxes.
Gets all IMAP enabled mailboxes
get-casmailbox | ? imapenabled -eq $true
Gets all IMAP enabled mailboxes and disables it
get-casmailbox | ? imapenabled -eq $true | set-casmailbox -imapenabled $false
Gets all POP enabled mailboxes
get-casmailbox | ? popenabled -eq $true
Gets all POP enabled mailboxes and disables it
get-casmailbox | ? popenabled -eq $true | set-casmailbox -popenabled $false
Edit: Heres another article about how to set defaults for the protocols. Remember to disable OWAforDevices if you don’t allow the Outlook IOS/Android app.
https://community.spiceworks.com/how_to/152329-setting-the-default-email-protocols-in-office-365
You can disable OWAforDevices for existing users using the same set-casmailbox cmdlet:
get-casmailbox | ? owafordevicesenabled -eq $true | set-casmailbox -OWAforDevicesEnabled $false