Description
- Type: CUSTOMER
- Severity: WARNING
- Protection against: HACKING
- CIS: M365 1.2 - (L1) Ensure modern authentication for Exchange Online is enabled
- FIX Available: YES
This Customer Check verifies whether modern authentication is enabled in the Microsoft environment.
Why this check?
Modern authentication offers several features that improve the security of the tenant. For instance, it lets users authenticate with multiple factors (multi-factor authentication, MFA).
Legacy authentication introduces security risks. It does not support MFA and relies on an outdated username and password prompt, which makes it easier for an attacker to take over an account.
CIS Benchmarks
This measure aligns with the following item from the Center for Internet Security (CIS) Microsoft 365 Foundations Benchmark:
- CIS M365 1.2 - (L1) Ensure modern authentication for Exchange Online is enabled
What possible outcomes does the check have?
This check has a binary outcome: modern authentication is either ON or OFF. In Attic, this is reflected as follows:
- Okay: modern authentication is ON
- Warning: modern authentication is OFF; action from the customer is required
How should this be followed up?
If the check returns Warning, we advise enforcing modern authentication AND disabling legacy authentication. A FIX for modern authentication is available and will be offered via a ticket.
A separate Attic check verifies whether legacy authentication is disabled:
CHK-1325 - Legacy authentication disabled
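To confirm the setting by hand, the PowerShell below is an added example, not Attic's own check logic and not part of the original page. It assumes the ExchangeOnlineManagement module is installed and the account may read the organization configuration; the function names Get-ModernAuthStatus and Get-BasicAuthPolicyGaps are hypothetical.

```powershell
# Added example: manual verification of the setting this check reports on.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

function Get-ModernAuthStatus {
    # OAuth2ClientProfileEnabled is the Exchange Online organization setting
    # that turns modern authentication on or off.
    $org = Get-OrganizationConfig
    [pscustomobject]@{
        Organization = $org.Name
        ModernAuth   = $org.OAuth2ClientProfileEnabled
        # Same two outcomes as the check: Okay (ON) or Warning (OFF).
        Result       = if ($org.OAuth2ClientProfileEnabled) { 'Okay' } else { 'Warning' }
    }
}

function Get-BasicAuthPolicyGaps {
    # Lists authentication policies that still allow at least one basic-auth
    # protocol. Only policies that exist in the tenant are inspected.
    Get-AuthenticationPolicy | ForEach-Object {
        $policy  = $_
        $allowed = $policy.PSObject.Properties |
            Where-Object { $_.Name -like 'AllowBasicAuth*' -and $_.Value -eq $true } |
            ForEach-Object { $_.Name }
        if ($allowed) {
            [pscustomobject]@{
                Policy       = $policy.Name
                StillAllowed = $allowed -join ', '
            }
        }
    }
}

$status = Get-ModernAuthStatus
$status | Format-List

if ($status.Result -eq 'Warning') {
    # Report only; the change itself is left to the operator or the offered FIX.
    Write-Warning ('Modern authentication is OFF. Setting to change: ' +
        'Set-OrganizationConfig -OAuth2ClientProfileEnabled $true')
}

# Covers the second half of the advice: legacy (basic) authentication.
Get-BasicAuthPolicyGaps | Format-Table -AutoSize

Disconnect-ExchangeOnline -Confirm:$false
```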