Hi All,
I guess one of the most common (and often successful) attacks we see is a simple brute force/password spray against weak accounts - especially shared mailboxes. From that particular access, the most common next step attackers will take is to send out spam/phishing emails from the compromised account.
Even with Modern Authentication and MFA enabled, I guess we are still open to types of attacks.
Obviously basic authentication is enabled by default, and basic auth does not support MFA to begin with And essentially means that you can get in with nothing more than a username and password.
With the thought of having MFA not enabled just yet, switching completely to modern authentication and disabling basic is a major security improvement in itself.
For example, credentials in a modern auth compatible app are not stored on the client device, and when the connection state changes the client is required to re-authenticate.
So it currently has got me thinking, even with enabling MFA for all of our users, its still half the job complete - so I guess I boast the question to the greater community in regards to the best way to approach disabling the less secure protocols (IMAP/POP/SMTP AUTH) MS Best practice would suggest to turn off any services which you are not using.
So I do boast the question and we really want to make this roll out a streamlined as possible with the disabling of IMAP/POP/SMTP AUTH firstly, we still have a few other services that users are grumpy about the disabling of.
So what method works best?
1. Disabling IMAP/POP/SMTP auth via Set-CasMailbox - although mailboxplans do not accept disabling SMTP auth at that level.
2. Creating a Authentication Policy and disable the protocols.
3. Using CA disabling all legacy authentication protocols.
Happy to suggestions - or open to anyone's recommendations when going through the above.
