SharePoint Online Basic Auth Reporting

Question

Can anyone explain why certain SharePoint Online Basic Auth client connections appear under 'non-interactive sign-ins' which goes against what I understood that all Basic Auth traffic would be classed as interactive because a username / password was being passed during each connection where as non-interactive would be when a refresh token is being called by an access token (not a username / password).

But it would seem there are 'Other client' client app (suggesting Basic Auth) usage being listed under non-interactive for SharePoint Online ...

Any explanation would be much appreciated, if its 'just the way it is' then i can accept it, but would appreciate to understand why this is, As when doing Exchange Online Basic Auth analysis we could solely rely on interactive sign-ins only.

Answer 1

Understanding the classification of SharePoint Online Basic Auth client connections in the context of 'interactive' vs. 'non-interactive' sign-ins can indeed be a bit perplexing. Let's break down the concepts and then address the specific behavior you're observing.

Interactive vs. Non-Interactive Sign-ins:

Interactive Sign-ins: These typically involve direct user interaction at the time of sign-in. This includes scenarios where a user manually enters their username and password.

Non-Interactive Sign-ins: These are usually automated sign-ins where there is no direct user interaction, such as when a token is used for authentication.

Basic Authentication:

• Basic Authentication in SharePoint Online involves passing the username and password with each request. It's commonly perceived as an 'interactive' process since credentials are provided by the user.

However, the way SharePoint Online categorizes Basic Auth connections under 'non-interactive sign-ins' can be attributed to how these sign-ins are processed and logged. Here are a few points that might explain this behavior:

Automated Processes: Even though Basic Auth involves credentials, certain automated processes using Basic Auth might be logged as non-interactive. This could be due to the way these automated scripts or services authenticate with SharePoint Online, where there's no active user interaction at the time of authentication.

Logging Mechanisms: SharePoint Online might have different logging mechanisms or criteria for categorizing sign-ins as interactive or non-interactive. The system might be designed to classify certain types of Basic Auth traffic, particularly those from certain client applications, as non-interactive.

Security and Compliance Tools: The tools used for monitoring and reporting might interpret Basic Auth connections differently based on their configuration or the nature of the client application.

Microsoft's Evolving Authentication Policies: Microsoft has been moving away from Basic Authentication due to security concerns. This transition might influence how authentication methods are logged and reported.

While it might be challenging to find a definitive public-facing document explaining this specific behavior, you can consider:

• Reviewing detailed logs to understand the context of these sign-ins.
• Reaching out to Microsoft support or community forums for more specific insights.
• Keeping up-to-date with Microsoft's documentation and updates on authentication practices, as these are subject to change.

For more detailed and updated information, you can refer to the Microsoft Docs - SharePoint Online and Azure AD sign-in documentation.

Hope this helps!