Microsoft confronts cyberthreats by eliminating basic authentication.

Weak authentication systems in web applications and services are a Trojan horse for cyber attacks. In order to counteract them, logins with double or multiple authentication factor are already used in a large number of services, where the user often has to confirm access by entering a token sent to the phone via SMS or even by fingerprint. Today we know that basic systems based on a username and password have proven to be ineffective against a large percentage of attacks.

However, according to the latest Cyber Signals report from Microsoft elaborated with data from 1.2 billion Azure users, only 22% of users have this mechanism enabled, although Azure technology allows the user to enable or disable this security measure.

Why is it important to strengthen authentication?

According to Microsoft data, 50 million password attacks occur every day. 

In its fight against cyber-attacks, Microsoft has been betting heavily on the double authentication factor for several years, and in order to avoid attacks that can be solved by this measure, it has set an expiration date for protocols that do not allow this type of authentication.

As a result, all companies that have an O365 tenant and use basic or legacy authentication protocols, as well as weak encryption protocols (TLS 1.0 TLS 1.1 and 3DES) will see these services stop working over the next few months.

What is basic authentication in Microsoft?

Basic or legacy authentication methods are those that are based on username and password only. In contrast, modern authentication at Microsoft refers to a combination of authentication and authorization methods that include multi-factor authentication (MFA) methods, authorization methods (OAuth) and conditional access policies to Microsoft cloud services (Azure).

How will the end of basic authentication affect this?

Microsoft will begin to deprecate basic authentication from July 2022.

It affects all Microsoft services, from Office tools, Outlook, etc. to network services such as Microsoft Exchange.

Muchos de estos servicios se encuentran en sistemas operativos o software de Windows que ya no cuentan con soporte, por lo que suponen a día de hoy un riesgo adicional en la ciberseguridad de las empresas, ya que no pueden actualizarse contra las nuevas amenazas. Los protocolos que no podrán funcionar con autorización básica son MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), POP, IMAP, Exchange ActiveSync (EAS) y Remote PowerShell.

Microsoft 365 Audit

Find out how to prevent the end of Basic Authentication
disable your Microsoft services.

Download the free guide in this form.