


Microsoft in May kicked off a major push to get all Azure AD customers to adopt Modern Auth by rolling out "security defaults", which are aimed at smaller customers to ensure they have basic security hygiene, especially MFA, regardless of the license they have. It has previously said that 99% of compromised Microsoft accounts did not have MFA enabled. In February, Microsoft warned that just 22% of customers that use Azure Active Directory (AAD) had implemented "strong identity authentication" as of December 2021.

CISA's guideline for switching off Basic Auth highlights several reasons Microsoft has given for moving to Modern Auth:

- There are 921 password attacks every second, nearly doubling in frequency over the past 12 months
- Azure AD accounts in organizations that have disabled legacy authentication experience 67% fewer compromises than those where legacy authentication is enabled
- More than 97% of credential-stuffing attacks use legacy authentication
- More than 99% of password-spray attacks use legacy authentication protocols

If you have security defaults enabled, basic auth will be blocked, but if you are using conditional access policies you can exempt any/all users from blocking legacy auth. I've seen this used in a lot of cases where legacy on-prem apps still need to connect via EWS/SMTP/IMAP.
