Microsoft to disable old school authentication for Exchange Online

Microsoft has announced it will begin disabling HTTP-based authentication scheme Basic Authentication. The move will impact random tenants...

Microsoft has announced it will begin disabling HTTP-based authentication scheme Basic Authentication.

The move will impact random tenants using Exchange Online worldwide from October 1, 2022.

The move to axe the old school authentication procedure, which dates back to the early 90s, was announced in September 2021, after being initially pushed back due to the pandemic.

What is Basic Authentication?

Basic Authentication is a method which allows a HTTP user agent, for example a web browser, to provide a username and password when making a request.

Microsoft says there will be no way to request an exception after October 2022.

However, Basic Authentication can be disabled at the time of the user’s choosing via using Microsoft’s Authentication Policies. 

What should users do?

Microsoft’s documentation page lists some of the most commonly encountered issues among users and what can be done to switch from basic to Modern Authentication.

This advice includes ensuring that email service Outlook for Windows is fully up to date, and has the right registry keys in place and most importantly according to Microsoft – that the tenant-wide switch to enable is set to “True”.

Microsoft reiterated that the “absolute best way” to disable Basic Authentication is to use its Authentication Policies feature.

Microsoft warned users not to use Set-CASMailbox or Conditional Access, as these are both post-authentication and though these prevent access to the data, they don’t stop the authentication access.

Microsoft did not specifically call out the reasons for the attempt to improve its ID management, however it did say that Basic Authentication “is still one of, if not the most common ways our customers get compromised, and these types of attacks are increasing”.

“We’ve disabled Basic Authentication in millions of tenants that weren’t using it, and we’re currently disabling unused protocols within tenants that still use it, but every day your tenant has Basic Authentication enabled, you are at risk from attack.”

The news follows recent findings from cybersecurity firm Guardicore that revealed a design flaw in an integral feature of the Microsoft Exchange email server can be abused to harvest Windows domain and app credentials.

The report said that the issue exists in the Microsoft Autodiscover protocol, which helps email clients discover Exchange email servers in order to receive proper configurations. 

Email remains an extremely common endpoint which allows organizations to get exposed to cybercriminals, and Microsoft has been active in terms of adding to its email security offerings.

The company recently has added a new security layer to its Office 365 email service as it looks to improve the integrity of incoming and outgoing messages.

The company says the new protection, SMTP MTA Strict Transport Security (MTA-STS), a feature it first announced in H2 2020, solves problems such as expired TLS certificates, problems with third-party certificates, or unsupported secure protocols.



from TechRadar - All the latest technology news https://ift.tt/5n8JXZB
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,108,Video,5,XIAOMI,13,YouTube - 9to5Google,107,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: Microsoft to disable old school authentication for Exchange Online
Microsoft to disable old school authentication for Exchange Online
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2022/05/microsoft-to-disable-old-school.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2022/05/microsoft-to-disable-old-school.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy