
Securing Your Organization with Modern Authentication


Basic Authentication Deprecation on October 1, 2022

Microsoft has announced that effective October 1, 2022, they will begin to permanently disable Basic Auth in all tenants, regardless of usage, except for SMTP Auth.  The overall scope of this change was extended to include Exchange Web Services (EWS), Exchange ActiveSync (EAS), POP, IMAP, Remote PowerShell, MAPI, RPC, SMTP AUTH and OAB.  Basic Authentication is an outdated industry standard, and threats posed by Basic Auth have only increased in the time since Microsoft originally announced they were making this change.

SMTP

Though SMTP is not being deprecated, organizations should still work to remove SMTP use, as it is a very common attack vector.

Security Risks

In addition to preparing for the deprecation of Basic Auth, now is a great time to review your organization’s authentication methods.

Every day that Legacy Authentication remains enabled in a tenant, data is at risk. The numbers on Legacy Authentication from an analysis of Azure Active Directory (Azure AD) traffic are stark:

  • Password Spray (99%): More than 99% of password spray attacks use legacy authentication protocols.
  • Credential Stuffing (97%): More than 97% of credential stuffing attacks use legacy authentication.
  • Legacy Auth Status (67%): Azure AD accounts in organizations that have disabled legacy authentication experience 67% fewer compromises than those where legacy authentication is enabled.

Source – New tools to block legacy authentication in your organization – Microsoft Tech Community

How can C2 help?

C2 will use various auditing techniques to determine and advise on remediation steps.

Often findings from audits lead to remediation efforts, like the following high-level themes:

  • Mail apps in use must both support and be configured to use Modern Authentication
  • In-house developed apps and processes that use Legacy Authentication need to be redeveloped to use Modern Authentication
  • Third-party apps will need to be identified and reconfigured to use Modern Authentication
  • An MDM/MAM solution like Intune can be used to deploy new app profiles that support Modern Auth
  • PowerShell scripts need to be updated to use Modern Auth
  • Update Exchange Authentication Policies to exclude Basic Auth
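
One way to find which users and apps those remediation themes apply to, as an added example (not C2's tooling and not code from this page): it summarizes exported Azure AD sign-in records by user and client app. The field names `userPrincipalName`, `clientAppUsed` and `status.errorCode` follow the sign-in log schema; the records are constructed, and treating every client app value other than the two modern ones as legacy is an assumption.

```python
import json
from collections import defaultdict

# Client app values reported for modern authentication. Treating every other
# non-empty value as legacy is an assumption of this example.
MODERN_CLIENT_APPS = {"browser", "mobile apps and desktop clients"}

# Constructed sample sign-in records (not real data).
SAMPLE_SIGNINS = json.dumps([
    {"userPrincipalName": "alice@example.com", "clientAppUsed": "Browser", "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@example.com", "clientAppUsed": "IMAP4", "status": {"errorCode": 0}},
    {"userPrincipalName": "Bob@example.com", "clientAppUsed": "IMAP4", "status": {"errorCode": 0}},
    {"userPrincipalName": "svc-scan@example.com", "clientAppUsed": "Exchange ActiveSync", "status": {"errorCode": 0}},
    {"userPrincipalName": "carol@example.com", "clientAppUsed": "Authenticated SMTP", "status": {"errorCode": 50126}},
    {"userPrincipalName": "dave@example.com", "clientAppUsed": "Authenticated SMTP", "status": {"errorCode": 50126}},
    {"userPrincipalName": "erin@example.com", "clientAppUsed": "Mobile Apps and Desktop clients", "status": {"errorCode": 0}},
])

def is_legacy(record):
    """True when the sign-in used a client app outside the modern set."""
    client = (record.get("clientAppUsed") or "").strip().lower()
    return bool(client) and client not in MODERN_CLIENT_APPS

def summarize_legacy(signins_json):
    """Map (user, client app) to success/failure counts for legacy sign-ins."""
    summary = defaultdict(lambda: {"success": 0, "failure": 0})
    for rec in json.loads(signins_json):
        if not is_legacy(rec):
            continue
        user = (rec.get("userPrincipalName") or "unknown").lower()
        ok = (rec.get("status") or {}).get("errorCode") == 0
        summary[(user, rec["clientAppUsed"])]["success" if ok else "failure"] += 1
    return dict(summary)

def remediation_queue(summary):
    """Working legacy clients: these stop when Basic Auth is disabled."""
    return sorted(k for k, v in summary.items() if v["success"] > 0)

def failure_only(summary):
    """Legacy sign-ins that never succeeded: review as possible guessing."""
    return sorted(k for k, v in summary.items() if v["success"] == 0)

if __name__ == "__main__":
    report = summarize_legacy(SAMPLE_SIGNINS)
    print("Remediate:", remediation_queue(report))
    print("Review:", failure_only(report))
```

The remediation queue lists the mail apps, scripts and service accounts to move to Modern Authentication before Basic Auth is blocked; the failure-only entries are worth checking against the password spray and credential stuffing patterns cited above.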

We’re here when you need us…whenever you need us!

C2 has the experience and knowledge to help manage Authentication challenges.

Contact us today and let us help secure your organization for the future.
