Forum Discussion
Methods to disable basic authentication - Services not being used Protocols/Services
If you're only concerned with Exchange, use an auth policy - it blocks any attempts on the pre-auth layer, so they don't even reach Azure AD. Complementing this with a CA policy that blocks legacy auth is also a good idea.
- vas_ppabp_90, Jul 08, 2020, Brass Contributor
Those protocols are only at the Exchange level; we have already implemented CA policies for elevated privilege accounts, which don't have any further services assigned.
Auth policy has me on the fence at this stage as the underlying attempt is blocked at the pre-auth layer; I would still like to review failed attempts as this is a requirement. So I will most likely be leaning towards disabling at the CAS level.
The other CA policy implemented is currently set on reporting, along with a workbook created in order to pull down the insights - so we can work towards disabling the other basic auth protocols.
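
The two Exchange-side options weighed in this thread, an authentication policy and per-mailbox protocol disabling at the CAS level, shown side by side as an added example that is not part of either post. The policy name, pilot mailbox address and CSV path are constructed placeholders, and the commands assume the ExchangeOnlineManagement module with an admin session.

```powershell
# Added example: names and addresses below are placeholders, not values from the thread.
Connect-ExchangeOnline

$PolicyName = 'Block Basic Auth'             # placeholder policy name
$Pilot      = 'pilot.user@contoso.example'   # placeholder pilot mailbox

# 1. Inventory first: record which client protocols are enabled per mailbox,
#    so unused services can be identified before anything is switched off.
Get-CASMailbox -ResultSize Unlimited |
    Select-Object PrimarySmtpAddress, PopEnabled, ImapEnabled,
                  ActiveSyncEnabled, MAPIEnabled, EwsEnabled |
    Export-Csv -Path .\cas-protocols.csv -NoTypeInformation

# 2. Option A: authentication policy.
#    A policy created with only -Name leaves every AllowBasicAuth* switch off,
#    so Basic authentication is refused for all protocols for assigned users.
if (-not (Get-AuthenticationPolicy | Where-Object Name -eq $PolicyName)) {
    New-AuthenticationPolicy -Name $PolicyName
}
# -WhatIf previews the assignment; remove it to apply to the pilot user.
Set-User -Identity $Pilot -AuthenticationPolicy $PolicyName -WhatIf

# 3. Option B: disable the protocol itself on the mailbox (CAS level).
#    This turns the protocol off for that mailbox regardless of how the
#    client authenticates, so it only fits services that are not in use.
Set-CASMailbox -Identity $Pilot -PopEnabled $false -ImapEnabled $false -WhatIf

# 4. Verify what is actually in effect for the pilot mailbox.
Get-User -Identity $Pilot |
    Select-Object UserPrincipalName, AuthenticationPolicy
Get-CASMailbox -Identity $Pilot |
    Select-Object PrimarySmtpAddress, PopEnabled, ImapEnabled
```

Running step 1 again after each change gives a before-and-after record to keep alongside the report-only CA policy data.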