Securing Your Organization with Modern Authentication

Basic Authentication Deprecation on October 1, 2022
Microsoft has announced that effective October 1, 2022, they will begin to permanently disable Basic Auth in all tenants, regardless of usage, except for SMTP Auth. The overall scope of this change was extended to include Exchange Web Services (EWS), Exchange ActiveSync (EAS), POP, IMAP, Remote PowerShell, MAPI, RPC, SMTP AUTH and OAB. Basic Authentication is an outdated industry standard, and threats posed by Basic Auth have only increased in the time since Microsoft originally announced they were making this change.
SMTP
Though SMTP is not being deprecated, organizations should still work to remove SMTP use, as it is a very common attack vector.
Security Risks
In addition to preparing for deprecation of Basic Auth, now is a great time to review your organization’s authentication methods.
Every day that Legacy Authentication remains enabled in a tenant, data is at risk. The numbers on Legacy Authentication from an analysis of Azure Active Directory (Azure AD) traffic are stark:
- 99% (Password Spray): More than 99% of password spray attacks use legacy authentication protocols.
- 97% (Credential Stuffing): More than 97% of credential stuffing attacks use legacy authentication.
- 67% (Legacy Auth Status): Azure AD accounts in organizations that have disabled legacy authentication experience 67% fewer compromises than those where legacy authentication is enabled.
Source – New tools to block legacy authentication in your organization – Microsoft Tech Community
How can C2 help?
C2 will use various auditing techniques to determine and advise on remediation steps.
Often findings from audits lead to remediation efforts, like the following high-level themes:
- Mail apps in use must both support and be configured to use Modern Authentication
- In-house developed apps and processes that use Legacy Authentication need to be redeveloped to use Modern Authentication
- Third-party apps will need to be identified and reconfigured to use Modern Authentication
- An MDM/MAM solution like Intune can be used to deploy new app profiles that support Modern Auth
- PowerShell scripts need to be updated to use Modern Auth
- Update Exchange Authentication Policies to exclude Basic Auth
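As an added illustration of the audit step behind these themes (example code written for this page, not C2's or Microsoft's tooling), the script below groups legacy-authentication sign-ins from an exported Azure AD sign-in log by account and protocol so the apps and accounts needing remediation can be listed. The field names follow the sign-in log's JSON export; the list of legacy `clientAppUsed` values, the sample records and the `example.com` accounts are assumptions constructed for the example.

```python
import json
from collections import defaultdict

# Assumed clientAppUsed values that indicate legacy (Basic) authentication;
# verify this list against the values present in your own tenant's export.
LEGACY_CLIENT_APPS = {
    "authenticated smtp", "autodiscover", "exchange activesync",
    "exchange online powershell", "exchange web services", "imap4",
    "mapi over http", "offline address book",
    "outlook anywhere (rpc over http)", "pop3", "other clients",
}

def _rec(user, client, code):
    # Builds one constructed sample record shaped like a sign-in log entry.
    return {"userPrincipalName": user, "clientAppUsed": client,
            "appDisplayName": "Office 365 Exchange Online",
            "status": {"errorCode": code}}

# Constructed sample export (not real data). errorCode 0 means success.
SAMPLE_EXPORT = json.dumps([
    _rec("svc-scanner@example.com", "Authenticated SMTP", 0),
    _rec("svc-scanner@example.com", "Authenticated SMTP", 0),
    _rec("alice@example.com", "IMAP4", 50126),
    _rec("alice@example.com", "IMAP4", 50126),
    _rec("alice@example.com", "Browser", 0),
    _rec("Bob@example.com", "Exchange ActiveSync", 0),
])

def audit_legacy_signins(export_json):
    """Count legacy-auth sign-ins per (user, protocol), split by outcome."""
    findings = defaultdict(lambda: {"success": 0, "failure": 0, "apps": set()})
    for rec in json.loads(export_json):
        client = (rec.get("clientAppUsed") or "").strip()
        if client.lower() not in LEGACY_CLIENT_APPS:
            continue  # modern clients (browser, modern desktop/mobile apps)
        user = (rec.get("userPrincipalName") or "unknown").lower()
        ok = (rec.get("status") or {}).get("errorCode") == 0
        entry = findings[(user, client)]
        entry["success" if ok else "failure"] += 1
        entry["apps"].add(rec.get("appDisplayName") or "unknown")
    return dict(findings)

def remediation_queue(findings):
    """Accounts with working legacy sign-ins first: they break at cut-over."""
    return sorted(findings.items(),
                  key=lambda kv: (-kv[1]["success"], -kv[1]["failure"], kv[0]))

if __name__ == "__main__":
    for (user, client), f in remediation_queue(audit_legacy_signins(SAMPLE_EXPORT)):
        print(f"{user:28} {client:22} ok={f['success']} failed={f['failure']}")
```

Accounts that show only failed legacy sign-ins have no working dependency to migrate, but the failures are worth reviewing against the password spray and credential stuffing figures above.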
We’re here when you need us…whenever you need us!
C2 has the experience and knowledge to help manage Authentication challenges.
Contact us today and let us help secure your organization for the future.