Several months ago we added a feature to the Microsoft 365 Roadmap which generated a lot of interest. The feature was named Disable Basic Authentication in Exchange Online using Authentication Polici...
Updated Jul 01, 2019
Version 2.0
Blog Post
3 MIN READ
Disabling Basic authentication in Exchange Online – Public Preview Now Available
Any news on plans for which users are using Basic Auth (and with which protocol)? I don't see it possible to disable this until we have some reports.
- You can see which users are in which policy, so you'll know who can use what:
Get-Recipient -RecipientTypeDetails UserMailbox -ResultSize Unlimited | Get-User | Format-Table DisplayName, AuthenticationPolicy, Sts*
But determining specific protocol use is another matter. For that, you have to do some divining from the ADD Sign-in logs, which should be done before implementing policies.
What I'd like to know is once the policy has been applied company-wide in a non-hybrid environment (pure Office 365), and is in effect (more than enough time has passed and/or tickling has occurred), is it expected that bogus login attempts (and subsequent lockouts) from foreign climes against Exchange Online--a very common problem--should come to a halt or not? Some people say yes, it stopped them completely, but I'm seeing no change, they keep hammering away, and I don't know why.