What options do I have to protect Exchange 2019 endpoints (like Autodiscover, ActiveSync and EWS) from password spray attacks?
My firm’s mailboxes are still all on-prem on Exchange 2019 servers. Our Exchange endpoints are blocked by the firewall from the public internet, and access is only allowed from O365 IPs.
Currently we still have some ActiveSync native iOS/Android mail app users using Basic auth to authenticate; the ActiveSync connection is proxied via MobileIron.
We want to slowly convert those users to modern auth, but don’t see any way to do it except exposing our Autodiscover/ActiveSync endpoints to the public first with both Basic and modern auth enabled.
We would like to protect those endpoints externally from Basic auth/password spray attacks, which cause our users’ AD accounts to be locked. Once all the native iOS/Android mail clients are converted, we will then implement an Authentication Policy to block Basic auth.
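One way to stage the Authentication Policy step the question describes so Basic auth is blocked per user as each is converted, rather than all at once at the end, as an added example that is not part of the original post. It assumes the Exchange 2019 Management Shell (New-AuthenticationPolicy requires CU2 or later), and the group name `ModernAuth-Converted` is a hypothetical mail-enabled group holding the users already on modern auth.

```powershell
# Added example (not from the original post). Run in the Exchange 2019 Management Shell.
# Staged rollout: block Basic auth only for users already moved to modern auth,
# leave everyone else on the default (permissive) policy until they are converted.

$PolicyName = 'Block Basic Auth - Mobile Endpoints'
$GroupName  = 'ModernAuth-Converted'   # hypothetical mail-enabled group of converted users

# 1. Create the policy once. Only the endpoints named in the question are blocked
#    (ActiveSync, Autodiscover, EWS); other protocols keep their current behaviour.
if (-not (Get-AuthenticationPolicy -Identity $PolicyName -ErrorAction SilentlyContinue)) {
    New-AuthenticationPolicy -Name $PolicyName `
        -BlockLegacyAuthActiveSync `
        -BlockLegacyAuthAutodiscover `
        -BlockLegacyAuthWebServices | Out-Null
}

# 2. Assign the policy to every mailbox user in the "converted" group.
Get-DistributionGroupMember -Identity $GroupName -ResultSize Unlimited |
    Where-Object { $_.RecipientType -like '*Mailbox*' } |
    ForEach-Object {
        Set-User -Identity $_.Identity -AuthenticationPolicy $PolicyName
    }

# 3. Report who can still use Basic auth, i.e. who still needs converting.
#    Users with no policy assigned show up here as well (AuthenticationPolicy is empty).
Get-User -ResultSize Unlimited -RecipientTypeDetails UserMailbox |
    Where-Object { $_.AuthenticationPolicy -ne $PolicyName } |
    Select-Object Name, UserPrincipalName, AuthenticationPolicy

# 4. Once the report in step 3 is empty, make the policy the organization default
#    so newly created mailboxes never get Basic auth on these endpoints.
# Set-OrganizationConfig -DefaultAuthenticationPolicy $PolicyName
```

Re-running the script is safe: the policy is only created if missing, and assigning it again to an already-covered user is a no-op.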