Forum Discussion
VasilMichev
Oct 17, 2018 (MVP)
Block legacy auth in Exchange Online
Today Microsoft announced the release of a new feature intended to help you put an end to all those password spray attacks we've been seeing lately. Namely, the feature allows you to configure a poli...
rpodric
Nov 28, 2018 (Bronze Contributor)
I did this for our Exchange Online a week ago but have seen no reduction in these login attempts (see below), which continue to pour in from places like China, as reported by the AAD portal.
Why? Basic auth is disabled for all accounts, and it's definitely long since kicked in, since we've had several Apple users who've had to update their clients to log in.
Does this suggest that hackers can be just as aggressive with modern auth? Or that there's some piece of basic auth still around (aside from "AllowBasicAuthLogExport")? This feature is in Preview, after all.
Status: Failure
Sign-in error code: 50053
Failure reason: Account is locked because user tried to sign in too many times with an incorrect user ID or password.