Modern Authentication on the other hand is based on ADAL (Active Directory Authentication Library) and OAuth 2.0. So each app can have access to all the data of the user. Another problem with basic authentication is that you can’t define the permission scope for the application. This means that the app has stored the credentials of the user somewhere in the application’s storage, making it vulnerable to attackers. With basic authentication, each app or add-in that needs to authenticate against Office 365 will pass the credentials of the user with each request. Basic Authentication vs Modern Authenticationīasic Authentication is the old way of logging in with only a username and password.
So now is a really good time to take a closer look at Modern Authentication and how you can enable it in your Office 365 tenant. Starting in June 2021, Microsoft will start with disabling the Basic Authentication method for the tenants who don’t use it. But still, a lot of existing tenants are using basic authentication and/or the old protocols. Modern Authentication is enabled by default in Office 365 for tenants created after Aug 2017. Especially in combination with legacy protocols, like SMTP and IMAP. This makes your tenant really vulnerable to attacks. Phishing emails for example are an effective way for criminals to get the users’ credentials. It’s more secure than the Basic Authentication method, which relied only on a username and password.Īs we all know by now, usernames and passwords get easily stolen. Modern Authentication in Office 365 is a combination of authentication and authorization methods.
0 kommentar(er)
