Several legacy protocols don’t support multi-factor authentication (MFA).
And that is something we don’t want to happen for neither our users, nor our organization. Since this is sent with every request, this also means the attack surface is bigger, and therefore this form of authentication is more vulnerable to brute force or password spray attacks. In short, basic/legacy authentication means that the application will send the username and password each time a request is made to Exchange Online.Įxchange Online will then forward the authentication request to Azure Active Directory (AAD) or other identity provider (IdP) – like Active Directory Federation Services (ADFS) or similar. Legacy authentication refers to protocols that use basic authentication. So, what is the difference on these two ways of user authentication for Exchange Online? Legacy/basic authentication Basic authentication VS Modern authentication What is the difference on the two, and why should you care? So how do you deal with this, and how can you monitor whether users or apps in your organization are using basic authentication? Updated statement for this released by Microsoft, can be found in the April update here, and more details also in the July update here. If you did not get around to doing this, you still have some time left.ĭue to the ongoing COVID-19 crisis this date has been moved, and is now set for the second half of 2021.
Internet Message Access Protocol (IMAP).This goes for the following components of Exchange Online: The said date for this change was set to October 13 2020, and the statement was made Septemand can be found here. Subscribers of O/M365 should move to using modern authentication, as this is more secure and gives alot of other benefits. If you have kept up to date with the many announcements around 365 – spesifically Exchange Online, from Microsoft, you may remember that they announced that end of support for basic authentication were coming to various parts of Exchange Online in 365.
0 kommentar(er)
