

#User authentication policy upgrade
We have offices in seven different countries, and only one location is listed in the screenshot above. Most likely a user that mistyped his password.

To make an analysis of the results easier you can export this information to a CSV or JSON file and import it into Microsoft Excel. Now you are able to create a list of all clients that are using Basic Authentication to access the Microsoft cloud. The obvious step is to upgrade any Office 2010 client that’s accessing Office 365 to Office 2013 or higher (I would recommend upgrading to Office 2016 or higher, or use Office 365 ProPlus). If you cannot upgrade the client software for whatever reason you have to off-board the mailbox (and other services when used) back to Exchange on-premises.
#User authentication policy password
This includes all password spray attacks, originating from various locations worldwide as can be seen in the following screenshot:
#User authentication policy professional
This will show all basic authentication logins in your tenant. You can click on a row to see specific details like date/time, user information, application information, and the user agent string. This reveals which client application is used. In the example below, you can see it was an Outlook 2010 Professional client that was accessing Exchange Online.

As a side note, if you add a filter on Status and select Failed, you will see all attempts using Basic Authentication that failed.

Think about applications that use EWS to access a mailbox, these might be impacted as well if the application does not support Modern Authentication.

You can monitor Basic Authentications using the sign-in option (scroll down to monitoring) in the Azure AD Portal. This returns all logins (successful and failed) of all clients in Azure AD, and for a large organization this means a lot of data. Needless to say, this is way too much information. Use the Add Filters button to narrow down the information, in this blogpost to show only information regarding Basic Authentication.

Click Add Filter, select Client App and click Apply. Click on “Client App: None Selected” and select all options except Browser and Mobile Apps and Desktop Clients as shown in the following screenshot:
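The Client App filter, the Failed status filter and the export described above can also be applied offline to an exported JSON file. The following is an added example, not code from the original post: the field names (`clientAppUsed`, `userPrincipalName`, `ipAddress`, `status.errorCode`) follow the Microsoft Graph signIn resource and are an assumption about the export, and the sample records are constructed.

```python
import json
from collections import defaultdict

# Client apps the portal filter above leaves unselected (Modern Authentication).
MODERN_CLIENT_APPS = {"browser", "mobile apps and desktop clients"}

def _rec(user, app, ip, code):
    # Field names follow the Microsoft Graph signIn resource; assumed for the export.
    return {"userPrincipalName": user, "clientAppUsed": app,
            "ipAddress": ip, "status": {"errorCode": code}}

# Constructed sample export (not real tenant data); 50126 = invalid username or password.
SAMPLE_EXPORT = json.dumps([
    _rec("alice@example.com", "Browser", "192.0.2.10", 0),
    _rec("bob@example.com", "Exchange Web Services", "192.0.2.20", 0),
    _rec("bob@example.com", "Exchange Web Services", "192.0.2.20", 0),
    _rec("carol@example.com", "IMAP4", "203.0.113.7", 50126),
    _rec("dave@example.com", "IMAP4", "203.0.113.7", 50126),
    _rec("bob@example.com", "IMAP4", "203.0.113.7", 50126),
    _rec("carol@example.com", "Exchange ActiveSync", "192.0.2.30", 50126),
    _rec("erin@example.com", "Mobile Apps and Desktop clients", "192.0.2.40", 0),
])

def basic_auth_signins(records):
    """Keep sign-ins whose client app is set and is not a Modern Authentication client."""
    out = []
    for r in records:
        app = (r.get("clientAppUsed") or "").strip().lower()
        if app and app not in MODERN_CLIENT_APPS:
            out.append(r)
    return out

def summarize(records):
    """Count successful and failed Basic Authentication sign-ins per (user, client app)."""
    summary = defaultdict(lambda: {"success": 0, "failed": 0})
    for r in basic_auth_signins(records):
        outcome = "success" if r["status"]["errorCode"] == 0 else "failed"
        summary[(r["userPrincipalName"], r["clientAppUsed"])][outcome] += 1
    return dict(summary)

def spray_candidates(records, min_users=3):
    """Source IPs that failed against min_users or more accounts and never succeeded."""
    failed, succeeded = defaultdict(set), set()
    for r in basic_auth_signins(records):
        if r["status"]["errorCode"] == 0:
            succeeded.add(r["ipAddress"])
        else:
            failed[r["ipAddress"]].add(r["userPrincipalName"])
    return sorted(ip for ip, users in failed.items()
                  if len(users) >= min_users and ip not in succeeded)
```

Load your own export with `json.load()` and pass the list to `summarize()` to get the per-client list to work through; a single failed user from a known location, like the mistyped password case, stays out of `spray_candidates()`.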
#User authentication policy for android
In Office 2013, Microsoft introduced a new way of authentication called Modern Authentication, which is token-based. A client reaches a logon page (from Azure AD) and enters his/her credentials. Azure AD creates a token and the client uses this token to access other resources in the Microsoft cloud. This can include Exchange Online, SharePoint Online, OneDrive for Business, Azure resources, etc.

So how do you know if your (Outlook) client is using Basic Authentication or Modern Authentication? The authentication popup that Outlook 2016 shows when using Basic Authentication looks like this:

The same Outlook 2016 client shows the following popup when using Modern Authentication:

As mentioned previously, Outlook 2013 and higher support Modern Authentication. However, if you are using Outlook 2010 in combination with Exchange Online, you will run into issues since Outlook 2010 does not support Modern Authentication. And in this scenario, “does not support” means “does not connect”. End of story for Outlook 2010 (I know, Outlook 2010 is an old product and out of support by then, but this is still used frequently).

But it’s not just Outlook, it’s Exchange Web Services (EWS), ActiveSync, Remote PowerShell, POP, and IMAP. ActiveSync is used by native mail clients in iOS and Android devices. For iOS, you’re good if you are using iOS 11 or higher, for Android I’m not sure since there are so many versions available.

October 13, 2020, is an important date for Microsoft for a variety of reasons. On this date, Microsoft will stop support for their 2010 suite of products like Exchange 2010, SharePoint 2010, Office 2010, etc. In addition, Microsoft will stop basic authentication in Office 365 as outlined in their post Upcoming changes to Exchange Web Services (EWS) API for Office 365 and their follow-up post Basic Auth and Exchange Online – February 2020 Update.

But what does that mean? If you have the latest version of Microsoft software and everything configured according to Microsoft best practices you should be good. However, most customers don’t have this and may run into issues.

When using Basic Authentication, the username and password are sent in clear text across the wire. The connection is secured by SSL so traffic is unreadable. Every time a resource is accessed, the username and password are sent across the wire, over and over again. Basic authentication is vulnerable to brute force or password spray attacks. When users are using weak passwords (admit it, they do) it is just a matter of time before their account is compromised.
