Forum Discussion
vas_ppabp_90
Jul 07, 2020 · Brass Contributor
Methods to disable basic authentication - Services not being used Protocols/Services
Hi All, I guess one of the most common (and often successful) attacks we see is a simple brute force/password spray against weak accounts - especially shared mailboxes. From that particular access...
VasilMichev
Jul 07, 2020 · MVP
If you're only concerned with Exchange, use an auth policy - it blocks any attempts on the pre-auth layer, so they don't even reach Azure AD. Complementing this with a CA policy that blocks legacy auth is also a good idea.
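The authentication-policy approach from the reply above, written out as an added Exchange Online PowerShell example (this is not code from the thread or from Microsoft; it assumes the ExchangeOnlineManagement module is installed, that the caller holds an Exchange admin role, and the policy name and pilot address are placeholders I made up):

```powershell
# Added example, not from the thread. Assumes the ExchangeOnlineManagement module is
# installed and the caller holds an Exchange admin role. Policy name and pilot address
# are placeholders.
Connect-ExchangeOnline

$PolicyName = 'Block Basic Auth'   # placeholder name

# New-AuthenticationPolicy with none of the -AllowBasicAuth* switches set creates a
# policy that blocks Basic authentication for every protocol (POP, IMAP, SMTP AUTH,
# ActiveSync, EWS, MAPI, PowerShell, ...).
if (-not (Get-AuthenticationPolicy -Identity $PolicyName -ErrorAction SilentlyContinue)) {
    New-AuthenticationPolicy -Name $PolicyName | Out-Null
}

# Check that every AllowBasicAuth* property really is False before rolling it out.
Get-AuthenticationPolicy -Identity $PolicyName |
    Select-Object Name, AllowBasicAuth* |
    Format-List

# Pilot on a small set first, e.g. shared mailboxes that should never use legacy clients.
$Pilot = @('shared-mailbox@contoso.example')   # constructed sample address

foreach ($upn in $Pilot) {
    Set-User -Identity $upn -AuthenticationPolicy $PolicyName
    # Policy changes are cached and can take time to apply; refreshing the token
    # validity timestamp forces an immediate re-evaluation for that account.
    Set-User -Identity $upn -STSRefreshTokensValidFrom ([System.DateTime]::UtcNow)
}

# Once the pilot is clean, make it the tenant default so every account without an
# explicitly assigned policy inherits the block.
Set-OrganizationConfig -DefaultAuthenticationPolicy $PolicyName

# Verify which accounts still have a different (or no) explicit policy assigned.
Get-User -ResultSize Unlimited |
    Where-Object { $_.AuthenticationPolicy -ne $PolicyName } |
    Select-Object UserPrincipalName, AuthenticationPolicy
```

Because the policy rejects Basic auth before credentials are validated, blocked attempts do not produce Azure AD sign-in failures; if those failures are needed for reporting, pair the policy with the Conditional Access report-only mode mentioned in the reply so the legacy-auth attempts are still recorded.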
vas_ppabp_90
Jul 08, 2020 · Brass Contributor
Those protocols are only at the Exchange level; we have already implemented CA policies for elevated-privilege accounts, which don't have any further services assigned.
The auth policy has me on the fence at this stage: as the underlying attempt is blocked at the pre-auth layer, I would still like to review failed attempts, as this is a requirement. So I will most likely be leaning towards disabling at the CAS level.
The other CA policy implemented is currently set to reporting, along with a workbook created to pull down the insights, so we can work towards disabling the other basic auth protocols.
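The per-mailbox (CAS-level) route the poster is leaning towards, as an added Exchange Online PowerShell example that reports first and only changes mailboxes when a flag is flipped (this is not code from the thread; it assumes the ExchangeOnlineManagement module, an Exchange admin role, and that shared mailboxes are the target set, as in the original question):

```powershell
# Added example, not from the thread. Assumes the ExchangeOnlineManagement module is
# installed and the caller holds an Exchange admin role. Run with $Apply = $false first
# to get a report only.
Connect-ExchangeOnline

$Apply = $false   # set to $true to actually change the mailboxes

# Shared mailboxes are the concern raised in the question: they rarely need POP, IMAP,
# ActiveSync or SMTP AUTH, so these protocols can be switched off per mailbox.
$Shared = Get-Mailbox -RecipientTypeDetails SharedMailbox -ResultSize Unlimited

$Report = foreach ($mbx in $Shared) {
    $cas = Get-CASMailbox -Identity $mbx.Identity
    # SmtpClientAuthenticationDisabled is $null when the mailbox inherits the tenant
    # setting; treating $null as "not disabled" errs on the side of flagging it.
    $smtpAuthOff = [bool]$cas.SmtpClientAuthenticationDisabled
    [pscustomobject]@{
        Mailbox       = $mbx.PrimarySmtpAddress
        Pop           = $cas.PopEnabled
        Imap          = $cas.ImapEnabled
        ActiveSync    = $cas.ActiveSyncEnabled
        SmtpAuthOff   = $smtpAuthOff
        LegacyExposed = $cas.PopEnabled -or $cas.ImapEnabled -or
                        $cas.ActiveSyncEnabled -or (-not $smtpAuthOff)
    }
}

# Review what would change before touching anything.
$Report | Where-Object LegacyExposed | Format-Table -AutoSize

if ($Apply) {
    foreach ($row in ($Report | Where-Object LegacyExposed)) {
        # Disables the legacy protocols for this mailbox only; the tenant-wide
        # default stays as it is, which is what "disabling at the CAS level" means here.
        Set-CASMailbox -Identity $row.Mailbox `
            -PopEnabled $false `
            -ImapEnabled $false `
            -ActiveSyncEnabled $false `
            -SmtpClientAuthenticationDisabled $true
    }

    # Re-read the settings to confirm the change landed.
    foreach ($row in ($Report | Where-Object LegacyExposed)) {
        Get-CASMailbox -Identity $row.Mailbox |
            Select-Object PrimarySmtpAddress, PopEnabled, ImapEnabled,
                          ActiveSyncEnabled, SmtpClientAuthenticationDisabled
    }
}
```

Keeping the report and apply stages separate makes the change reviewable before it is made, and re-running with `$Apply = $false` afterwards gives a quick drift check for any new shared mailboxes created with the protocols enabled by default.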