
User agent BAV2ROPC only by unsuccessful login

Anonymous
2024-01-04T10:22:10+00:00

Hello,

we are having this situation where we are seeing multiple login failures from different source IPs and multiple countries, where the user agent is always BAV2ROPC.

But when the actual user logged in, the user agent is HTTPS Browser.

Is there any explanation for this, and what can we change in the configuration to block the BAV2ROPC agent?

Thanks


Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.


1 answer

  1. Anonymous
    2024-01-04T13:19:24+00:00

    Hi Imed, thank you for posting on Microsoft Community. I will be happy to help. I am a user just like you and am only trying to advise/assist in the best possible way I can to resolve your issue.

    Here's an explanation of the situation and steps to block the BAV2ROPC user agent:

    Understanding BAV2ROPC:

    BAV2ROPC stands for "Basic Authentication Version 2 Resource Owner Password Credential." It's a user agent commonly used by older email apps and devices that rely on basic authentication to access email accounts. Basic authentication is considered less secure than modern authentication methods like OAuth 2.0, as it transmits login credentials (username and password) in plain text, making them vulnerable to interception. Hackers often target basic authentication to brute-force passwords and gain unauthorized access to accounts. The multiple login failures you're seeing from different IPs and countries suggest an automated attack attempting to exploit basic authentication vulnerabilities.

    Blocking BAV2ROPC:

    Disable Basic Authentication: The most effective way to block BAV2ROPC is to disable basic authentication entirely on your email server or application. This forces all clients to use more secure authentication methods. However, check compatibility first, as some older devices or apps might not support modern authentication.

    Conditional Access Policies: If you're using Microsoft 365, leverage conditional access policies to block BAV2ROPC specifically. These policies allow you to create rules that restrict access based on user agents, IP addresses, locations, and other factors.

    Firewall Rules: If you have control over your firewall, you can create rules to block traffic from IP addresses or countries associated with the BAV2ROPC user agent. However, this might be less effective as attackers often use proxy servers to mask their IPs.

    Additional Recommendations:

    - Implement strong password policies for all accounts to make them harder to crack.
    - Enforce MFA whenever possible to add an extra layer of security, even if basic authentication is still enabled.
    - Keep an eye on login logs for suspicious activity and block IP addresses that exhibit excessive failed login attempts.
    - Regularly update your email server or application to apply security patches and address known vulnerabilities.

    Remember: It's crucial to prioritize security measures that address the root cause (basic authentication) rather than solely relying on blocking specific user agents, as attackers can adjust their techniques.

    Hope this helps! Kind regards, -Adedayo

    30+ people found this answer helpful.
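As an added example (not from the post or from Microsoft), here is a Python triage of sign-in records for the pattern the question describes: failed BAV2ROPC logins for one account spread across several source IPs and countries, plus the worse case of a BAV2ROPC login that actually succeeded. The records are constructed, and the field names (userPrincipalName, userAgent, ipAddress, location.countryOrRegion, status.errorCode) are assumed to mirror an Entra ID sign-in log export.

```python
# Added example (not from the post): triage sign-in records for the
# BAV2ROPC legacy-auth pattern. Records and field names are constructed
# to resemble Entra ID sign-in log exports; treat the names as assumptions.
import json
from collections import defaultdict

LEGACY_AGENT = "BAV2ROPC"
# Constructed sample: three failed BAV2ROPC attempts on one account from three
# countries, the real user's browser sign-in, and one BAV2ROPC success elsewhere.
SAMPLE_LOG = """
{"userPrincipalName": "imed@example.com", "userAgent": "BAV2ROPC", "ipAddress": "203.0.113.10", "location": {"countryOrRegion": "BR"}, "status": {"errorCode": 50126}}
{"userPrincipalName": "imed@example.com", "userAgent": "BAV2ROPC", "ipAddress": "198.51.100.7", "location": {"countryOrRegion": "RU"}, "status": {"errorCode": 50126}}
{"userPrincipalName": "imed@example.com", "userAgent": "BAV2ROPC", "ipAddress": "192.0.2.44", "location": {"countryOrRegion": "VN"}, "status": {"errorCode": 50126}}
{"userPrincipalName": "imed@example.com", "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)", "ipAddress": "192.0.2.200", "location": {"countryOrRegion": "FR"}, "status": {"errorCode": 0}}
{"userPrincipalName": "bob@example.com", "userAgent": "BAV2ROPC", "ipAddress": "203.0.113.99", "location": {"countryOrRegion": "US"}, "status": {"errorCode": 0}}
"""

def parse_events(text):
    """Parse newline-delimited JSON records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def triage(events, min_ips=3, min_countries=2):
    """Map user -> finding for accounts showing legacy-auth abuse.
    "legacy_auth_spray":   failed BAV2ROPC logins from >= min_ips IPs or
                           >= min_countries countries (password guessing)
    "legacy_auth_success": a BAV2ROPC login succeeded, so the password is known
                           and basic auth is still reachable for that account
    """
    failed_ips, failed_countries = defaultdict(set), defaultdict(set)
    findings = {}
    for e in events:
        if e.get("userAgent") != LEGACY_AGENT:
            continue  # browser / modern-auth traffic is not the pattern here
        user = e["userPrincipalName"]
        if e["status"]["errorCode"] == 0:
            findings[user] = "legacy_auth_success"  # outranks any spray finding
        else:
            failed_ips[user].add(e["ipAddress"])
            failed_countries[user].add(e["location"]["countryOrRegion"])
    for user, ips in failed_ips.items():
        if user not in findings and (
            len(ips) >= min_ips or len(failed_countries[user]) >= min_countries
        ):
            findings[user] = "legacy_auth_spray"
    return findings

if __name__ == "__main__":
    for user, finding in sorted(triage(parse_events(SAMPLE_LOG)).items()):
        print(f"{user}: {finding}")
```

A "legacy_auth_success" finding is the one to act on first, since it means basic authentication is still enabled for that account and the password is already known to the client.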