![]() ![]() Therefore, to properly eliminate the risk of attacks via Exchange Online Legacy protocols the protocols must either be switched off altogether or one needs to create Exchange Authentication policies using PowerShell. Azure Active Directory returns a user ticket to Exchange Online, and the user is authenticated.Ĭonditional Access policies are only evaluated after step 2 and before step 3 in the above process.Exchange Online sends the username and password to Azure Active Directory.The email client sends the username and password to Exchange Online.Basic steps for cloud-based authentication in Exchange Online The basic steps are shown in the image below. These legacy protocols in Exchange Online perform pre-authentication before passing the request on to Azure Active Directory and then only Conditional Access policies are applied. Nearly 100% of password spray attacks, credential stuffing, and brute force attacks use legacy authentication protocols! Because legacy authentication protocols don’t support interactive sign-in, which is required for additional security challenges like multi-factor authentication and device authentication. ![]() Because these protocols DO NOT support modern authentication, they cannot support multi-factor authentication (MFA). Certain protocols in Exchange Online especially only support legacy forms of authentication. Legacy Authentication, or basic authentication as it is also known, refers to authenticating with only a username and a password. I recently had a fun discussion with the folks at SCI Fridays where we likened legacy authentication to letting your children go naked in public. You know it’s bad, and you have a policy to block it but are you still at risk? ![]()
0 Comments
Leave a Reply. |