Comments on: Blocking Basic Authentication to Exchange Online https://practical365.com/blocking-basic-authentication/ Practical Office 365 News, Tips, and Tutorials Tue, 02 Nov 2021 18:22:22 +0000 hourly 1 https://wordpress.org/?v=6.6.1 By: <div class="apbct-real-user-wrapper"> <div class="apbct-real-user-author-name">Tony Redmond</div> <div class="apbct-real-user-badge" onmouseover=" let popup = document.getElementById('apbct_trp_comment_id_236996'); popup.style.display = 'inline-flex'; "> <div class="apbct-real-user-popup" id="apbct_trp_comment_id_236996"> <div class="apbct-real-user-title"> <p class="apbct-real-user-popup-header">The Real Person!</p> <p class="apbct-real-user-popup-text">Author <b>Tony Redmond</b> acts as a real person and passed all tests against spambots. Anti-Spam by CleanTalk.</p> </div> </div> </div> </div> https://practical365.com/blocking-basic-authentication/#comment-236996 Tue, 02 Nov 2021 18:22:22 +0000 https://www.practical365.com/?p=41613#comment-236996 In reply to Pete.

If an account doesn’t have an authentication policy assigned, Exchange uses the default policy for the organization (the one managed through the Microsoft 365 admin center). If you want to assign a non-default policy to accounts, you need to run the Set-User cmdlet to do this, and remember to do so to assign the policy to new accounts after creation.

]]> By: Pete https://practical365.com/blocking-basic-authentication/#comment-236995 Tue, 02 Nov 2021 16:04:55 +0000 https://www.practical365.com/?p=41613#comment-236995 Hello quick question, for a customer that has a tenant prior to authentication policies being a thing therefore the tenant had no authentication policy, when creating a new authentication policy and making it the default policy for the organization, is it expected that users authentication policy is still listed as “null” ?

]]> By: chabi https://practical365.com/blocking-basic-authentication/#comment-235049 Thu, 27 May 2021 22:00:52 +0000 https://www.practical365.com/?p=41613#comment-235049 If I block basic authentication in exchange online, will the azure ad sign-in log?
Will exchange online implement user blocking due to brute force attacks?
Or, Is the user not locked?

]]> By: Nezgar https://practical365.com/blocking-basic-authentication/#comment-234759 Mon, 17 May 2021 07:40:31 +0000 https://www.practical365.com/?p=41613#comment-234759 In reply to Winston.

This is because the authentication policy only disables Basic Auth for the protocols, the protocols themselves are not disabled. You could still auth with Modern Auth. The CasMailbox attributes disable the protocol entirely.

]]> By: Winston https://practical365.com/blocking-basic-authentication/#comment-230553 Thu, 06 Aug 2020 08:02:35 +0000 https://www.practical365.com/?p=41613#comment-230553 Hi, I ran into an issue.

Step 1
Get-CASMailbox -identity | fl Name,OwaEnabled,MapiEnabled,EwsEnabled,ActiveSyncEnabled,PopEnabled,ImapEnabled

Showed that all 6 are True, so next

Step 2
New-AuthenticationPolicy -Name “Disable all BasicAuth”

Step 3
Get-AuthenticationPolicy -Identity “Disable all BasicAuth”

It showed all to false

Step 4
Set-User -Identity -AuthenticationPolicy “Disable all BasicAuth”

Step 5
Set-User -Identity -STSRefreshTokensValidFrom $([System.DateTime]::UtcNow)

Step 6
Get-User -Identity | fl auth*

Result
AuthenticationPolicy : Disable all BasicAuth

Last Step

Get-CASMailbox -identity | fl Name,OwaEnabled,MapiEnabled,EwsEnabled,ActiveSyncEnabled,PopEnabled,ImapEnable

It still shows as True, any thoughts

]]> By: betty stolwyk https://practical365.com/blocking-basic-authentication/#comment-229795 Thu, 04 Jun 2020 04:31:34 +0000 https://www.practical365.com/?p=41613#comment-229795 In reply to Rick.

To list accounts and any assigned authentication policy

Connect-AzureAD
Get-user | where recipienttype -eq usermailbox | ft identity,authenticationpolicy

]]> By: Alex Moss https://practical365.com/blocking-basic-authentication/#comment-228922 Mon, 02 Mar 2020 16:38:34 +0000 https://www.practical365.com/?p=41613#comment-228922 Hi Steve
Great article, I am sure you will be getting lots of hits on this now that is being enforced in October this year. The Feb update we just received suggested this can now be reported on it which will really help seeing what admin’s are up against. https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-auth-and-exchange-online-february-2020-update/ba-p/1191282

This will also help identify older clients prior to Outlook 2013 that will not support modern authentication.
Thanks Alex

]]> By: Manento Kitururu https://practical365.com/blocking-basic-authentication/#comment-228190 Mon, 14 Oct 2019 15:43:51 +0000 https://www.practical365.com/?p=41613#comment-228190 Hi Steve

We are using Exchange2016 and all our client PC are connected to the DOAMIN…We still have this problem when users connect to outlook it prompts for the password..Could you please assist me on this,how do i get a permanent solution?

Regards,
Manento.

]]> By: Ted https://practical365.com/blocking-basic-authentication/#comment-211371 Wed, 29 May 2019 00:58:46 +0000 https://www.practical365.com/?p=41613#comment-211371 In reply to NYer.

Add reg keys to support modern auth for Office 2013

]]> By: NYer https://practical365.com/blocking-basic-authentication/#comment-205115 Thu, 25 Apr 2019 15:39:52 +0000 https://www.practical365.com/?p=41613#comment-205115 Hi

Thanks; but you are missing a HUGE piece of the puzzle.

How about the fact that legacy clients are not IP location aware? Clients that use basic authentication are NOT IP aware so using method above simply turns off basic authentication for everybody inside and outside. So if you have users inside the network that have outlook 2010/2013 then they won’t be able to connect even if you do IP exclusions!!!

How do you block basic authentication ONLY externally as I had mentioned before; you can’t do it with Azure Conditional access or above method?

]]>