Forum Discussion
VasilMichev
Oct 17, 2018 MVP
Block legacy auth in Exchange Online
Today Microsoft announced the release of a new feature intended to help you put an end to all those password spray attacks we've been seeing lately. Namely, the feature allows you to configure a poli...
VasilMichev
Oct 20, 2018 MVP
It is different from CA: the feature works by blocking the request at the Exchange server layer, even before redirecting to the auth provider.
Deleted
Oct 20, 2018
Thanks for confirming
Am I right in thinking the end result would be the same though? Basic auth blocked using CA would be the same as blocking it on EXO?
- VasilMichev Oct 21, 2018 MVP
Yup, but one of the benefits you get from this method, apart from the greater granularity, is that blocked/failed (or god forbid successful) logins will not trigger the lockout windows, as the request never reaches Azure AD. With CA policies, the block happens after authentication; at that point the account is compromised.
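
The per-protocol and per-user granularity discussed in this thread, as an added example that is not part of the original posts: it uses the Exchange Online authentication policy cmdlets and assumes an existing Exchange Online PowerShell session. The policy names and mailbox addresses are placeholders.

```powershell
# Added example; policy names and addresses are placeholders, not values from the thread.
# Assumes you are already connected to Exchange Online PowerShell.

# 1. A policy that blocks basic auth for every protocol.
#    A newly created policy has all AllowBasicAuth* switches turned off.
New-AuthenticationPolicy -Name 'Block Basic Auth'

# 2. A narrower exception for a legacy device mailbox that still needs IMAP
#    with basic auth. Every other protocol stays blocked for it.
New-AuthenticationPolicy -Name 'Allow Basic IMAP Only' -AllowBasicAuthImap

# 3. Staged rollout: assign the policies per user first.
Set-User -Identity 'pilot.user@contoso.example' -AuthenticationPolicy 'Block Basic Auth'
Set-User -Identity 'legacy-scanner@contoso.example' -AuthenticationPolicy 'Allow Basic IMAP Only'

# 4. See who is still uncovered before changing the tenant default.
Get-User -ResultSize Unlimited |
    Where-Object { -not $_.AuthenticationPolicy } |
    Select-Object UserPrincipalName

# 5. Make the blocking policy the default for users without an explicit one.
Set-OrganizationConfig -DefaultAuthenticationPolicy 'Block Basic Auth'

# 6. Verify what is actually configured.
Get-AuthenticationPolicy | Format-List Name, AllowBasicAuth*
Get-OrganizationConfig | Format-List DefaultAuthenticationPolicy
Get-User -Identity 'legacy-scanner@contoso.example' |
    Format-List UserPrincipalName, AuthenticationPolicy
```

A user's explicitly assigned policy takes precedence over the organization default, so the IMAP exception in step 2 survives step 5.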