Has anyone used PowerShell to disable basic authentication?

Anonymous
2018-11-30T07:31:39+00:00

Here's how:

https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/disable-basic-authentication-in-exchange-online

There was a hint in the article that one reason to do it is to stop repeated attacks on the myriad legacy protocols, but we're not seeing that it helped. According to Sign-Ins in AAD, even days later, there are still the usual login attempts from China etc. against Exchange Online. Unfortunately, the log isn't specific about how these attempts are being made, so there's no proof that it's via basic authentication.

Yet, I have seen some comments from people saying that it stops this problem cold, so what I'm seeing is quite puzzling.


Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.


13 answers

  1. Anonymous
    2018-12-11T18:56:12+00:00

    Hello there,

    According to your test, disabling basic authentication is working as expected (when I try to log in against IMAP, no matter how many times I do it, those attempts never reach the AAD log).

    Regarding the hackers query, you should submit your feedback to Office 365 UserVoice.

    Thanks,

    1 person found this answer helpful.
  2. Anonymous
    2018-12-01T16:49:53+00:00

    Done. I also included some bonus PowerShell results to paint a more complete picture.

  3. Anonymous
    2018-12-01T09:52:03+00:00

    Hi Rseiler,

    Thanks for the reply. I totally understand your concern. However, blocking Basic authentication can help protect your Exchange Online organization from brute force or password spray attacks. This feature helps prevent these types of attacks from compromising our data and users.

    Please connect to Exchange Online PowerShell, run the following cmdlet, and provide us with a screenshot of the output via private message.

    Get-Recipient -RecipientTypeDetails usermailbox -ResultSize unlimited | Get-User | Format-Table Displayname, Authentic*, sts*

    Moreover, regarding “According to Sign-Ins in AAD, even days later, there are still the usual login attempts from China etc. against Exchange Online”, could you please also provide us with the detailed information/screenshot about the issue via Private Message for further analysis.

    Your understanding will be highly appreciated.

    Best regards,

    Shyamal

  4. Anonymous
    2018-11-30T16:37:52+00:00

    Yes, I saw that, but none of those caveats really apply (#1--all users are blocked from basic auth; #2 long since done; #3 N/A).

    What I'm hoping to achieve here is hearing whether or not people have seen a change in the rogue login attempts after doing this.

  5. Anonymous
    2018-11-30T09:28:30+00:00

    Hello there,

    This is a comment from MS: "We had been holding back on moving from private to public preview primarily due the first two of these - a tenant admin could misconfigure something and not realize until it’s too late due to the lack of reporting and the delayed effect of policy change."

    There are three important caveats to this feature:

    1. There is a lack of telemetry for tenant admins allowing them to report on which users are using Basic Auth (and with which protocol) and once a block is enabled, whether such traffic was blocked. In other words, we can’t really tell you how well the block is working.

    2. A policy change can take up to 24 hours to take effect, unless the admin calls a cmdlet (such as Set-User) to ‘tickle’ each user. (Note that ‘tickling’ is a technical term, first used here). So the block might not kick in right away, and you might have to take some action if you want it to happen faster.

    3. If a user’s identity has not been replicated to Azure AD/Exchange Online, they will not be blocked and so any request received by Exchange Online will be routed to the authoritative Security Token Service (STS) where it is likely to fail. This same behavior also means that any authentication requests for unknown users in a tenant (such as might happen during a password spray attack) will also be forwarded to the authoritative STS for the domain.

    Scroll down the blog and log in to post a comment. The Exchange Team will help you understand this feature: https://blogs.technet.microsoft.com/exchange/2018/10/17/disabling-basic-authentication-in-exchange-online-public-preview-now-available/

    Or you can go to the Feedback section and sign in to comment: https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/disable-basic-authentication-in-exchange-online

    Thanks,

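The second caveat quoted in the last answer (a policy change can take up to 24 hours unless Set-User is called per user) combined with the check cmdlet from answer 3, as an added example that is not part of the original thread or Microsoft's own script. It assumes an already connected Exchange Online PowerShell session; the policy name `Block Basic Auth` is a placeholder, and any non-empty `AuthenticationPolicy` value is treated as "has a policy" without checking which one.

```powershell
# Added example: run inside a connected Exchange Online PowerShell session.
# 'Block Basic Auth' is a placeholder policy name, not taken from the thread.
$PolicyName = 'Block Basic Auth'

# A policy created without any AllowBasicAuth* switches blocks basic
# authentication for all client protocols.
if (-not (Get-AuthenticationPolicy | Where-Object Name -eq $PolicyName)) {
    New-AuthenticationPolicy -Name $PolicyName | Out-Null
}

# Same pipeline as the check in answer 3, kept as objects instead of a table.
$users = Get-Recipient -RecipientTypeDetails UserMailbox -ResultSize Unlimited |
    Get-User

$report = foreach ($u in $users) {
    # Assumption: an empty value means no policy is assigned to this user.
    $hadPolicy = -not [string]::IsNullOrEmpty([string]$u.AuthenticationPolicy)

    if (-not $hadPolicy) {
        Set-User -Identity $u.DistinguishedName -AuthenticationPolicy $PolicyName
    }

    # The per-user "tickle": touching the user with Set-User so the policy
    # is picked up without waiting for the normal propagation delay.
    Set-User -Identity $u.DistinguishedName `
        -STSRefreshTokensValidFrom ([System.DateTime]::UtcNow)

    [pscustomobject]@{
        DisplayName      = $u.DisplayName
        PolicyWasMissing = -not $hadPolicy
        TickledAtUtc     = [System.DateTime]::UtcNow
    }
}

# Users that had no policy before this run are listed first.
$report | Sort-Object PolicyWasMissing -Descending | Format-Table -AutoSize

# Verification pass: anything listed here is still not covered by a policy.
Get-Recipient -RecipientTypeDetails UserMailbox -ResultSize Unlimited |
    Get-User |
    Where-Object { [string]::IsNullOrEmpty([string]$_.AuthenticationPolicy) } |
    Select-Object DisplayName, UserPrincipalName
```

Per the third caveat, users not yet replicated to Azure AD/Exchange Online will not appear in this output, so an empty verification pass does not cover them.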