Share via

Problem with MFA

Borut Barlič 0 Reputation points
2024-01-01T16:52:32.1066667+00:00

We have problems with someone hacking into our email accounts. We set everything to MFA but he can stil login through single authentication into exchange online. How is this possible or how can we prevent him from entering with single authentication?

Exchange Online
Exchange Online
A cloud-based service included in Microsoft 365, delivering scalable messaging and collaboration features with simplified management and automatic updates.
Exchange | Exchange Server | Other
Exchange | Exchange Server | Other
A robust email, calendaring, and collaboration platform developed by Microsoft, designed for enterprise-level communication and data management.Miscellaneous topics that do not fit into specific categories.
Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Authenticator

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Akhilesh Vallamkonda 15,350 Reputation points Moderator
    2024-01-02T10:20:30.2366667+00:00

    Hi @Borut Barlič
    Thank you for posting your query on Q&A.
    I’m sorry to hear that your user accounts have compromised even though the MFA is enabled.
    The reason Threat Actor can still login through single authentication into Exchange Online is that your organization has not disabled the Basic Authentication. Basic Authentication is a legacy method that only requires a username and password which there is a chance of susceptible to attack, it doesn’t support multi-factor authentication (MFA), which is why the Threat Actor might still be able to access Exchange Online even if MFA is enabled.
    To Prevent this, you can disable the Basic authentication in Exchange Online for more details you can refer the Disable Basic authentication in Exchange Online.
    To protect the user accounts and password you can use below security features from Entra ID.
    Password Policy
    Account Lockout polices.
    Microsoft Entra ID Password Protection
    I hope this answer helps! please Feel free to ask any questions you may have.

    Reference: https://learn.microsoft.com/en-us/entra/identity/conditional-access/block-legacy-authentication

    https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/enable-or-disable-modern-authentication-in-exchange-online

    Thanks,
    Akhilesh.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

  2. Jenna A 70 Reputation points
    2024-01-01T17:40:50.0733333+00:00

    It would help if you used a VPN which would prevent this. Also, have you tried editing the settings and saving a few times, then signing out on all device and login in again.

    0 comments
  3. Gopi M 5 Reputation points
    2024-01-01T17:00:39.4366667+00:00

    Hello,

    You can try this to solve the issue:-

    1. Change the affected user password
    2. Sign-out the login sessions from Admin Portal
    3. On a MFA page, Select the affected user->Manage user Setting-> select "Delete all existing app passwords generated by the selected users".
    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.