Microsoft announced recently that they will begin shutting down their Basic Authentication services on October 1, 2022 forcing customers into the superior protection of Modern Authentication. 最大资源采集网 has been working with our clients to migrate to Modern Authentication since mid-2021 in an effort to maximize cybersecurity protection and minimize costs.
Why Switch to Modern Authentication?
Modern Authentication uses O Auth access tokens with a limited lifetime. These tokens cannot be reused to authenticate on any resource other than the one for which they were issued. This significantly reduces the likelihood of a cyberattack.
Why is Microsoft Deprecating Basic Authentication?
There are multiple reasons for moving away from this tool, all stemming from providing the best security solution to customers. Basic Auth is an HTTP-based auth scheme apps use to send locally stored credentials in plain text to servers, endpoints, or online services. Users of Basic Auth are vulnerable to 鈥渕an-in-the-middle鈥 attacks, where bad actors capture credentials over the wire or guess them in password spray attacks. In addition, cybercriminals can steal clear text credentials from apps using Basic Auth through info stealing malware and social engineering.
Legacy Authentication email configurations have The integration of Basic Authentication with Multi-Factor Authentication (MFA) is also a pain point for organizations. Enabling MFA is overly complicated and often results in set up errors which makes enforcement difficult.
What Should You do to Protect Your Organization from Cyberattacks?
For most, transitioning away from Basic Auth should be as simple as removing and re-adding your email account to your mobile device, or switching to Outlook for iOS or Android. 最大资源采集网 will be able to assist with workflows that fall outside of that scope for things like printers that scan-to-email, and other automation service accounts that do things send email reports from your CRM or ERP applications. Reach out to your 最大资源采集网 Account Manager to begin the process of moving to Modern Auth. They will take the time to talk through the changes you鈥檒l need to make and schedule time to facilitate the changeover.
If you are not a current 最大资源采集网 partner, please review our Microsoft partner services and connect with our team to talk about how we might help protect your organization.
Microsoft will not be shutting off Basic Auth completely on October 1, but they will begin randomly selecting tenants and giving them 7-day warnings. They plan to have Basic Auth deprecated completely by the end of December 2022.
