Microsoft then increased the pace in September 2019 by announcing that they will turn off basic authentication for Exchange ActiveSync (EAS), POP3, IMAP4 and Remote PowerShell in October 2020. EWS has a limited lifespan and it is a good idea at this point to consider moving code to a Graph-based implementation. This means that anyone using code built with EWS must upgrade to OAuth 2.0 and use that for authentication. In March 2018, Microsoft flagged the need for tenants to move away from basic authentication by announcing that support for basic authentication for Exchange Web Services will cease on October 13, 2020. Basic Authentication Deprecation for Multiple Connection Protocols
Tenant administrators can deploy authentication policies to restrict the number of connection protocols that can be used with basic authentication for mailboxes. The introduction of protocol authentication policies in 2018 was a good step forward. They own protocols like IMAP4, POP3, SMTP, and so on.
Eliminating basic authentication is high on the agenda of the Exchange Online team. Too slowly, but at least we see some progress.
The message about the need to secure accounts with MFA is slowly getting through. Second, basic authentication is an invitation for an attacker to probe for weakly secured accounts using multiple connection protections, including SMTP. First, multi-factor authentication (MFA) is a very good thing and will block 99.9% of account compromise attacks. There are two things certain in Office 365 security. The Need to Eliminate Basic Authentication (and use MFA)
0 kommentar(er)
