Forum Discussion
Block legacy auth in Exchange Online
Today Microsoft announced the release of a new feature intended to help you put an end to all those password spray attacks we've been seeing lately. Namely, the feature allows you to configure a poli...
It is different from CA, the feature works by blocking the request at the Exchange server layer, even before redirecting to the auth provider.
Thanks for confirming
Am I right in thinking the end result would be the same though? Basic auth'd blocked using CA would be the same as blocking it on EXO?
Yup, but one of the benefits you get from this method, apart from the greater granularity, is that blocked/failed (or god forbid successful) logins will not trigger the lockout windows, as the request never reaches Azure AD. With CA policies, the block happens after authentication, at that point the account is compromised.