Deactivation of Basic Authentication in Exchange Online
Microsoft is deactivating Basic Authentication in Exchange Online as of October 1, 2022.
Basic Authentication is a procedure for authenticating to websites or services in which data such as user name and password are transmitted in plain text. Although the transmission is secured when using HTTPS, the credentials are sent again with every request. Security functions such as multi-factor authentication or conditional access policies cannot be evaluated for these requests. Even if your users are already equipped with MFA, potential attackers can exploit this gap by using older authentication methods.
You can check this yourself via the Azure AD sign-in logs. There, the sign-ins can be filtered by client app. If you select the client apps that use old authentication methods, you can see which users would be affected by the deactivation in October.
In concrete terms: under the item "Legacy Authentication Clients", activate all filters except SMTP Authentication (this is currently not yet deactivated). The resulting list shows the affected users and services.
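The same evaluation can be run offline on a JSON export of the sign-in logs. The following is an added example, not code from Microsoft or CANCOM: it assumes the export uses the Microsoft Graph sign-in field names `userPrincipalName` and `clientAppUsed`, assumes the spelling of the legacy client names, and runs on constructed sample records.

```python
import json
from collections import defaultdict

# Client app values grouped under "Legacy Authentication Clients" in the
# sign-in log filter (assumed spelling; compared case-insensitively).
LEGACY_CLIENTS = {
    "authenticated smtp", "autodiscover", "exchange activesync",
    "exchange online powershell", "exchange web services", "imap4",
    "mapi over http", "offline address book",
    "outlook anywhere (rpc over http)", "outlook service", "pop3",
    "reporting web services", "other clients",
}
# SMTP Authentication is left out, as in the filter described above.
EXCLUDED = {"authenticated smtp"}

# Constructed sample export (not real log data).
SAMPLE_EXPORT = json.dumps([
    {"userPrincipalName": "alice@example.com", "clientAppUsed": "IMAP4"},
    {"userPrincipalName": "Alice@example.com", "clientAppUsed": "IMAP4"},
    {"userPrincipalName": "alice@example.com", "clientAppUsed": "Browser"},
    {"userPrincipalName": "bob@example.com", "clientAppUsed": "Authenticated SMTP"},
    {"userPrincipalName": "scanner@example.com", "clientAppUsed": "POP3"},
    {"userPrincipalName": "carol@example.com", "clientAppUsed": "Exchange ActiveSync"},
    {"userPrincipalName": "dave@example.com",
     "clientAppUsed": "Mobile Apps and Desktop clients"},
])


def affected_accounts(export_json):
    """Return {account: {client app: sign-in count}} for legacy sign-ins."""
    result = defaultdict(lambda: defaultdict(int))
    for record in json.loads(export_json):
        client = (record.get("clientAppUsed") or "").strip()
        user = (record.get("userPrincipalName") or "").strip().lower()
        key = client.lower()
        # Skip modern clients, the excluded SMTP entry and nameless records.
        if not user or key not in LEGACY_CLIENTS or key in EXCLUDED:
            continue
        result[user][client] += 1
    return {user: dict(clients) for user, clients in result.items()}


if __name__ == "__main__":
    for user, clients in sorted(affected_accounts(SAMPLE_EXPORT).items()):
        summary = ", ".join(f"{app} x{n}" for app, n in sorted(clients.items()))
        print(f"{user}: {summary}")
```

Service accounts such as the constructed `scanner@example.com` show up in the same list as regular users, which is where devices and applications that still depend on Basic Authentication become visible.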
Do you need support with the evaluation or correction or do you have general questions? Then please get in touch with us!
CANCOM Austria