Security News > 2022 > June > Start using Modern Auth now for Exchange Online

The US government is pushing federal agencies and private corporations to adopt the Modern Authentication method in Exchange Online before Microsoft starts shutting down Basic Authentication from the first day of October.

"Federal agencies should determine their use of Basic Auth and migrate users and applications to Modern Auth," CISA wrote.

The agency adds that Basic Auth is often used by legacy applications or custom-built business software, and that many user-facing applications, such as Outlook Desktop and Outlook Mobile App, already have been moved to Modern Auth via Microsoft security updates.

"Microsoft's move to disable basic authentication in Exchange Online is a great thing for securing the Microsoft cloud ecosystem, as we have seen legacy protocols relying on basic authentication used to bypass multi-factor authentication controls," Aaron Turner, CTO at AI cybersecurity vendor Vectra, told The Register.

Microsoft last year announced it will disable Basic Auth in Exchange Online starting October 1, 2022.

CISA recommends several steps for moving to Modern Auth, with the first one being to review Azure AD sign-in logs to find the applications and users that are authenticating with Basic Auth.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/06/29/cisa-microsoft-modern-auth/