If you or your users are using a 3rd party application which uses these protocols, reach out to the 3rd party app developer who supplied this application to update it to support OAuth 2.0 authentication or assist your users to switch to an application that’s built using OAuth 2.0.If you have written your own code using these protocols, update your code to use OAuth 2.0 instead of Basic Authentication, or migrate to a newer protocol (Graph API).For Exchange Web Services (EWS), Remote PowerShell (RPS), POP and IMAP, and Exchange ActiveSync (EAS): Microsoft also extended the overall impacted scope, the follow protocols are included: Exchange Web Services (EWS), Exchange ActiveSync (EAS), POP, IMAP, Remote PowerShell, MAPI, RPC, SMTP AUTH and OAB. This is because legacy authentication protocols like POP, SMTP, IMAP, and MAPI can’t enforce MFA, making them preferred entry points for adversaries attacking your organization… With these threats and risks in mind, Microsoft is taking steps to improve data security in Exchange Online. Also For MFA to be effective, you also need to block legacy authentication. Currently, there are better and more effective modern user authentication alternatives such as OAuth 2.0 token-based authorization. Its threats have only increased since Microsoft originally announced they would disable it. Why?īasic authentication is an outdated authentication protocol. But now there is no escaping anymore and Microsoft will effectively begin on Octoto turn off basic authentication for exchange online in all Microsoft 365 tenants regardless of usage, except for SMTP authentication. Microsoft has long announced that it is going to block legacy authentication, due to corona and other reasons, this announcement has been delayed.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |