Block Basic Authentication Best Practices

jpcapone 1,301 Reputation points
2022-01-26T03:11:41.66+00:00

I know that there are 2 (3) ways to disable basic authentication. So, when it comes to disabling basic auth which way is best - Service Side via org settings in Microsoft 365 Admin Center or CA policies? Should you use the two ways I described or is one equivalent to the other?

Exchange Server Management
Microsoft Entra ID

Accepted answer
  1. Vasil Michev 96,436 Reputation points MVP
    2022-01-26T07:50:21.487+00:00

    Best one is the service-side controls, but only Exchange supports that. In addition to the admin center controls, you can also use Auth policies to a similar end: https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/disable-basic-authentication-in-exchange-online
    Other methods are still valid, but they only act after credentials have been validated. On the other hand, authentication policies as detailed above act on a pre-auth layer, and block brute force attempts before they even reach Azure AD.

    1 person found this answer helpful.
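
The authentication-policy route from the accepted answer, sketched as a staged rollout in Exchange Online PowerShell. This is an added example, not part of the original thread; the policy name and pilot mailbox are placeholders.

```powershell
# Added example. Requires the ExchangeOnlineManagement module and an
# Exchange administrator role in the tenant.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

$policyName = 'Block Basic Auth'             # assumed policy name
$pilotUser  = 'pilot.user@contoso.example'   # placeholder mailbox

# A newly created authentication policy has every AllowBasicAuth* setting
# at False, so creating it without protocol switches blocks Basic
# authentication for all protocols.
if (-not (Get-AuthenticationPolicy | Where-Object Name -eq $policyName)) {
    New-AuthenticationPolicy -Name $policyName | Out-Null
}

# Verify that no protocol is still allowed before assigning the policy.
$policy  = Get-AuthenticationPolicy -Identity $policyName
$allowed = $policy.PSObject.Properties |
    Where-Object { $_.Name -like 'AllowBasicAuth*' -and $_.Value -eq $true }
if ($allowed) {
    throw "Policy still allows Basic auth for: $($allowed.Name -join ', ')"
}

# Stage 1: pilot on a single mailbox. Resetting the token validity time
# makes the policy apply without waiting for cached tokens to expire.
Set-User -Identity $pilotUser -AuthenticationPolicy $policyName
Set-User -Identity $pilotUser -STSRefreshTokensValidFrom ([System.DateTime]::UtcNow)

# Stage 2: once the pilot is clean, make it the organization default so
# every user without an explicit policy is covered.
Set-OrganizationConfig -DefaultAuthenticationPolicy $policyName
Get-OrganizationConfig | Format-List DefaultAuthenticationPolicy

# Audit: a per-user policy takes precedence over the default, so list
# every user with an explicit assignment and review any that point at a
# policy which still allows Basic authentication.
Get-User -ResultSize Unlimited |
    Where-Object AuthenticationPolicy |
    Select-Object UserPrincipalName, AuthenticationPolicy
```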
