The best one is the service-side controls, but only Exchange supports that. In addition to the admin center controls, you can also use Auth policies to a similar end: https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/disable-basic-authentication-in-exchange-online
Other methods are still valid, but they only act after credentials have been validated. On the other hand, authentication policies as detailed above act on a pre-auth layer, and block brute force attempts before they even reach Azure AD.
Block Basic Authentication Best Practices
jpcapone
I know that there are 2 (3) ways to disable basic authentication. So, when it comes to disabling basic auth, which way is best - Service Side via org settings in Microsoft 365 Admin Center or CA policies? Should you use the two ways I described or is one equivalent to the other?
Accepted answer
Vasil Michev 110K Reputation points MVP
2022-01-26T07:50:21.487+00:00
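The authentication-policy route mentioned in the accepted answer, as an added example that is not part of the original thread: it creates a policy that blocks Basic auth, checks that no protocol is still allowed, pilots it on one account and then makes it the organization default. The policy name and pilot mailbox are placeholders, and the script assumes the ExchangeOnlineManagement module is installed and you hold the required admin role.

```powershell
# Added example. $PolicyName and $PilotUser are placeholders, not values from the thread.
$PolicyName = 'Block Basic Auth'
$PilotUser  = 'pilot.user@contoso.com'

Connect-ExchangeOnline

# A policy created without any -AllowBasicAuth* switch blocks Basic auth
# for every protocol. Create it only if it does not exist yet.
$policy = Get-AuthenticationPolicy | Where-Object { $_.Name -eq $PolicyName }
if (-not $policy) {
    New-AuthenticationPolicy -Name $PolicyName | Out-Null
    $policy = Get-AuthenticationPolicy | Where-Object { $_.Name -eq $PolicyName }
}

# Guard against an existing policy of the same name that was loosened later:
# list every AllowBasicAuth* property that is still set to $true.
$stillAllowed = $policy.PSObject.Properties |
    Where-Object { $_.Name -like 'AllowBasicAuth*' -and $_.Value -eq $true } |
    Select-Object -ExpandProperty Name
if ($stillAllowed) {
    throw "Policy '$PolicyName' still allows Basic auth for: $($stillAllowed -join ', ')"
}

# Pilot on one account first. Resetting the refresh-token timestamp makes
# the policy apply right away instead of after the normal propagation delay.
Set-User -Identity $PilotUser -AuthenticationPolicy $PolicyName
Set-User -Identity $PilotUser -STSRefreshTokensValidFrom $([System.DateTime]::UtcNow)

# After the pilot, apply the policy to every user without an explicit assignment.
Set-OrganizationConfig -DefaultAuthenticationPolicy $PolicyName
Get-OrganizationConfig | Format-List DefaultAuthenticationPolicy

# Per-user assignments override the org default, so review them:
# any account listed here with a different policy is a potential exemption.
Get-User -ResultSize Unlimited |
    Where-Object { $_.AuthenticationPolicy } |
    Select-Object UserPrincipalName, AuthenticationPolicy
```

Run the final query periodically: a per-user policy that re-enables a legacy protocol is the usual way an exemption outlives its justification.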