

For many years, applications have used Basic authentication (also known as Legacy authentication) to connect to servers, services, and API endpoints. Basic authentication simply means the application sends a username and password with every request, and those credentials are also often stored or saved on the device. Traditionally, Basic authentication is enabled by default on most servers or services, and is simple to set up.

Simplicity isn't at all bad, but Basic authentication makes it easier for attackers to capture user credentials (particularly if the credentials are not protected by TLS), which increases the risk of those stolen credentials being reused against other endpoints or services. Furthermore, the enforcement of multifactor authentication (MFA) is not simple or, in some cases, possible when Basic authentication remains enabled.

Basic authentication is an outdated industry standard. Threats posed by it have only increased since we originally announced that we were going to turn it off (see Improving Security - Together). There are better and more effective user authentication alternatives.

We actively recommend that customers adopt security strategies such as Zero Trust (Never Trust, Always Verify), or apply real-time assessment policies when users and devices access corporate information. These alternatives allow for intelligent decisions about who is trying to access what from where on which device rather than simply trusting an authentication credential that could be a bad actor impersonating a user.

With these threats and risks in mind, we're taking steps to improve data security in Exchange Online. We're removing the ability to use Basic authentication in Exchange Online for Exchange ActiveSync (EAS), POP, IMAP, Remote PowerShell, Exchange Web Services (EWS), Offline Address Book (OAB), Outlook for Windows, and Mac. We're also disabling SMTP AUTH in all tenants in which it's not being used. This decision requires customers to move from apps that use basic authentication to apps that use Modern authentication. Modern authentication (OAuth 2.0 token-based authorization) has many benefits and improvements that help mitigate the issues in basic authentication. For example, OAuth access tokens have a limited usable lifetime, and are specific to the applications and resources for which they are issued, so they cannot be reused. Enabling and enforcing multifactor authentication (MFA) is also simple with Modern authentication.

We've already started making this change.
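The difference described above between a Basic credential sent with every request and a scoped, time-limited OAuth access token, shown as an added example that is not part of the original page or any Microsoft code. It assumes the access token is a JWT carrying the standard `sub`, `aud` and `exp` claims; the account name, password, resource URLs and token are constructed sample values, and `describe` and `usable_at` are hypothetical helper names.

```python
import base64
import json


def _b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def describe(header):
    """Summarise what a captured Authorization header hands to its holder."""
    scheme, _, value = header.strip().partition(" ")
    if scheme.lower() == "basic":
        # Basic is base64("user:password"): an encoding, not encryption.
        user, _, password = base64.b64decode(value).decode("utf-8").partition(":")
        return {"scheme": "basic", "user": user, "password": password,
                "audience": None, "expires": None}
    if scheme.lower() == "bearer":
        # Inspection only: the signature is NOT verified here.
        claims = json.loads(_b64url_decode(value.split(".")[1]))
        return {"scheme": "bearer", "user": claims.get("sub"), "password": None,
                "audience": claims.get("aud"), "expires": claims.get("exp")}
    raise ValueError(f"unsupported scheme: {scheme!r}")


def usable_at(info, resource, now):
    """Would this captured credential be accepted by `resource` at time `now`?"""
    if info["scheme"] == "basic":
        # Assumption: the password works at any endpoint that still allows
        # Basic, and keeps working until the user changes it.
        return True
    return info["audience"] == resource and now < info["expires"]


def _sample_bearer(claims):
    # Constructed, unsigned sample token with a placeholder signature.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return "Bearer " + ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])


# Constructed sample values (placeholders, not real accounts or tokens).
BASIC = "Basic " + base64.b64encode(b"alice@contoso.example:Winter2024!").decode()
BEARER = _sample_bearer({"sub": "alice@contoso.example",
                         "aud": "https://outlook.office365.com",
                         "exp": 1_700_003_600})

if __name__ == "__main__":
    for hdr in (BASIC, BEARER):
        info = describe(hdr)
        for res in ("https://outlook.office365.com", "https://graph.microsoft.com"):
            print(info["scheme"], res, usable_at(info, res, 1_700_000_000))
```

A real resource server must also verify the token's signature and issuer before trusting any claim; the decoding here only shows what each header carries.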
