Forum Discussion
Tomas_S_ (Copper Contributor)
Mar 30, 2023
Allow access to basic authentication protocols
I have disabled the basic/legacy authentication methods from M365 admin center.
If I run this command
Get-OrganizationConfig | Select-Object -ExpandProperty DefaultAuthenticationPolicy | ForEach { Get-AuthenticationPolicy $_ | Select-Object AllowBasicAuth* }
I get the following results:
AllowBasicAuthActiveSync : False
AllowBasicAuthAutodiscover : False
AllowBasicAuthImap : False
AllowBasicAuthMapi : False
AllowBasicAuthOfflineAddressBook : False
AllowBasicAuthOutlookService : True
AllowBasicAuthPop : False
AllowBasicAuthReportingWebServices : True
AllowBasicAuthRest : False
AllowBasicAuthRpc : False
AllowBasicAuthSmtp : False
AllowBasicAuthWebServices : False
AllowBasicAuthPowershell : False
Why aren't AllowBasicAuthReportingWebServices and AllowBasicAuthOutlookService blocked? Shouldn't they all be blocked? I went through our sign-in logs and noticed that hackers are trying to get in using AllowBasicAuthReportingWebServices.
- The UI in Admin Center doesn't set the policies for those protocols. You can only set those with PowerShell, and I'd suggest you do it. Just modify the parameters in your default auth policy and block them.
When we block basic auth at the tenant level, we don't use Auth Policies, so a protocol can be blocked, even if the Auth Policy says it's enabled.
For the two you call out, RWS and OutlookService - we're going to block those too in the coming weeks and months.
- Greg Taylor - EXCHANGE
Microsoft
- Tomas_S_ Copper Contributor
Hi,
I will block those. Thank you.
- Did you create a conditional access policy to block any legacy authentication to your tenant?
- Tomas_S_ Copper Contributor
Yes, we have a conditional access policy blocking legacy auth but I'm not sure if it's blocking these.
- That's something you (your tenant) are controlling via the corresponding Auth policy. The server-side controls are another layer on top of that, and only exposed via the BasicAuthBlockedApps property.
In any case, you can try toggling those off via Set-AuthenticationPolicy.
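
The change suggested in the replies, as an added example that is not part of the original thread: it lists the AllowBasicAuth* switches still set to True on each authentication policy and turns them off with Set-AuthenticationPolicy. It assumes a connected Exchange Online PowerShell session with rights to manage authentication policies; -WhatIf is left on so the first run only previews the change.

```powershell
# Added example, not from the thread. Assumes Connect-ExchangeOnline has
# already been run by an account that can manage authentication policies.

# Resolve the org-wide default policy, as the command in the question does.
$defaultName = (Get-OrganizationConfig).DefaultAuthenticationPolicy
if (-not $defaultName) {
    Write-Warning 'No DefaultAuthenticationPolicy is set for this organization.'
}

# Check every policy, not only the default: a policy assigned directly to a
# user takes precedence over the default policy for that user.
foreach ($policy in Get-AuthenticationPolicy) {
    $label = $policy.Name
    if ($policy.Name -eq $defaultName) { $label += ' (default)' }

    # Collect the AllowBasicAuth* properties that are still True.
    $enabled = @(
        $policy.PSObject.Properties |
            Where-Object { $_.Name -like 'AllowBasicAuth*' -and $_.Value -eq $true } |
            Select-Object -ExpandProperty Name
    )

    if ($enabled.Count -eq 0) {
        Write-Output "${label}: no basic auth protocols allowed"
        continue
    }
    Write-Output "${label}: still allowed -> $($enabled -join ', ')"

    # Build the parameter set dynamically so only the enabled switches are
    # touched, e.g. AllowBasicAuthOutlookService and
    # AllowBasicAuthReportingWebServices from the output in the question.
    $params = @{ Identity = $policy.Name }
    foreach ($name in $enabled) { $params[$name] = $false }

    # Remove -WhatIf to apply the change after reviewing the preview.
    Set-AuthenticationPolicy @params -WhatIf
}

# Re-run the query from the question to confirm the default policy's state.
if ($defaultName) {
    Get-AuthenticationPolicy $defaultName | Select-Object AllowBasicAuth*
}
```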