Users can sign in to Microsoft Exchange Online services using the Basic authentication method, which is anchored in the HTTP standard. In practice, the login data is sent as a plain-text stream that is only Base64 encoded and can be decoded very easily by virtually anyone. Microsoft will permanently disable this sign-in method starting October 1 of this year.
As simple as the plan sounds at first, there are some obstacles. Many Exchange Online users rely on mail programs or applications that use the insecure method. In a blog post, however, Microsoft writes that many have already switched to versions that support modern authentication mechanisms.
Authentication as a vulnerability
The company also writes that Basic Auth in particular is one of the most abused weak points, if not the most abused, for compromising customers. The number of attacks against it is even increasing. Microsoft has therefore already disabled Basic Auth for millions of Exchange Online customers that had not been using the method. It is also disabling other unused sign-in methods for all customers.
Microsoft emphasizes that it will begin disabling the sign-in method worldwide from October 1, 2022, rather than switching it off completely on that date. The MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), POP, IMAP, and remote PowerShell protocols are affected.
Microsoft disables SMTP AUTH only for those customers that do not use it; where it is in use, the manufacturer does not touch the configuration. Here, however, the authors of the blog post recommend disabling the method for the instance as a whole and enabling it only for the individual accounts that really need it.
In their post, the authors also give advice on how some of the most important applications and programs can be switched to modern authentication. They describe procedures for Outlook, POP/IMAP with OAuth, EWS apps, ActiveSync, PowerShell scripts, Reporting Web Services, and Microsoft Teams Rooms. Once the access software has been adapted, Exchange Online administrators can turn off Basic authentication themselves. Microsoft provides a guide for this.
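The SMTP AUTH recommendation above can be applied with Exchange Online PowerShell roughly as follows. This is an added example, not code from Microsoft's post or from this article; it assumes a session already connected with Connect-ExchangeOnline, and the mailbox addresses are placeholders.

```powershell
# Added example. Assumes the ExchangeOnlineManagement module is loaded and
# Connect-ExchangeOnline has already been run with sufficient rights.
# The addresses below are placeholders, not real accounts.
$allowList = @(
    'scanner@contoso.example',
    'app-relay@contoso.example'
)

# 1. Record the organization-wide setting before changing anything.
$before = (Get-TransportConfig).SmtpClientAuthenticationDisabled
Write-Host "Org-wide SmtpClientAuthenticationDisabled before change: $before"

# 2. Disable SMTP AUTH for the whole organization.
Set-TransportConfig -SmtpClientAuthenticationDisabled $true

# 3. Re-enable it only for the accounts that really need it.
#    A per-mailbox value of $false overrides the organization setting;
#    an empty value means the mailbox inherits the organization setting.
foreach ($address in $allowList) {
    Set-CASMailbox -Identity $address -SmtpClientAuthenticationDisabled $false
}

# 4. Verify: list every mailbox with an explicit override and flag any
#    that is not on the allow list, so stale exceptions are noticed.
$overrides = Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.SmtpClientAuthenticationDisabled -eq $false }

foreach ($mailbox in $overrides) {
    $smtp = [string]$mailbox.PrimarySmtpAddress
    $status = if ($allowList -contains $smtp) { 'expected' } else { 'UNEXPECTED' }
    [pscustomobject]@{
        Mailbox  = $smtp
        SmtpAuth = 'enabled (override)'
        Status   = $status
    }
}
```

Re-running step 4 on a schedule shows when an exception has been added outside the allow list.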
(DMK)