Microsoft to disable old school authentication for Exchange Online
Date:
Wed, 04 May 2022 17:42:08 +0000
Description:
Microsoft is finally disabling Basic Authentication for Exchange Online.
FULL STORY ======================================================================
Microsoft has announced it will begin disabling HTTP-based authentication scheme Basic Authentication.
The move will impact random tenants using Exchange Online worldwide from October 1, 2022.
The move to axe the old school authentication procedure, which dates back to the early 90s, was announced in September 2021, after being initially pushed back due to the pandemic. What is Basic Authentication?
Basic Authenticationis a method which allows a HTTP user agent, for example a web browser, to provide ausernameandpasswordwhen making a request.
Microsoft says there will be no way to request an exception after October 2022.
However, Basic Authentication can be disabled at the time of the users choosing via using Microsofts Authentication Policies. What should users do?
Microsofts documentation page lists some of the most commonly encountered issues among users and what can be done to switch from basic to Modern Authentication.
This advice includes ensuring that email service Outlook for Windows is fully up to date, and has the right registry keys in place and most importantly according to Microsoft that the tenant-wide switch to enable is set to True.
Microsoft reiterated that the absolute best way to disable Basic Authentication is to use its Authentication Policies feature.
Microsoft warned users not to use Set-CASMailbox or Conditional Access, as these are bothpost-authentication and though these prevent access to the
data, they dont stop the authentication access.
Microsoft did not specifically call out the reasons for the attempt to
improve its ID management, however it did say that Basic Authentication is still one of, if notthemost common ways our customers get compromised, and these types of attacks areincreasing.
Weve disabled Basic Authentication inmillionsof tenants that werent using it, and were currently disabling unused protocols within tenants that still use it, but every day your tenant has Basic Authentication enabled, you are at risk from attack. Read more
Microsoft launches special Office 365 bundle with maximum security
Microsoft Exchange servers targeted with Cuba ransomware
Cisco Secure Email gateways can be crashed using this simple bug
The news follows recent findings from cybersecurity firm Guardicore that revealed a design flaw in an integral feature of the Microsoft Exchange email server can be abused to harvest Windows domain and app credentials.
The report said that the issue exists in the Microsoft Autodiscover protocol, which helps email clients discover Exchange email servers in order to receive proper configurations.
Email remains an extremely common endpoint which allows organizations to get exposed to cybercriminals, and Microsoft has been active in terms of adding
to its email security offerings.
The company recently has added a new security layer to its Office 365 email service as it looks to improve the integrity of incoming and outgoing messages.
The company says the new protection , SMTP MTA Strict Transport Security (MTA-STS), a feature it first announced in H2 2020, solves problems such as expired TLS certificates, problems with third-party certificates, or unsupported secure protocols. Want to get the right email solution for your organization? Check out our guide to the best email services
======================================================================
Link to news story:
https://www.techradar.com/news/microsoft-to-disable-old-school-authentication- for-exchange-online/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)