How do I Enforce MFA on EWS

%3CLINGO-SUB%20id%3D%22lingo-sub-1809341%22%20slang%3D%22en-US%22%3EHow%20do%20I%20Enforce%20MFA%20on%20EWS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1809341%22%20slang%3D%22en-US%22%3E%3CP%3EI%20just%20tested%20Office365%20credentials%20with%20the%20MailSniper%20tool%20and%20found%20that%20using%20EWS%20I%20was%20able%20to%20bypass%20MFA.%20How%20do%20I%20remediate%20this%3F%20Is%20it%20as%20simple%20as%20enabling%20Modern%20Authentication%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1809341%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1809620%22%20slang%3D%22en-US%22%3ERe%3A%20How%20do%20I%20Enforce%20MFA%20on%20EWS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1809620%22%20slang%3D%22en-US%22%3E%3CP%3EThat%2C%20and%20disabling%20legacy%20auth.%20Make%20sure%20all%20clients%20in%20use%20within%20your%20organization%20support%20modern%20auth%20though.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Occasional Visitor

I just tested Office365 credentials with the MailSniper tool and found that using EWS I was able to bypass MFA. How do I remediate this? Is it as simple as enabling Modern Authentication?

1 Reply

That, and disabling legacy auth. Make sure all clients in use within your organization support modern auth though.