Description
- Type: CUSTOMER
- Severity: CRITICAL
- Protection against: HACKING
- CIS: M365 1.1.6 - (L1) Enable Conditional Access policies to block legacy authentication
- FIX Available: YES
This Customer Check uses Secure Score to verify whether legacy authentication is disabled.
Why this check?
Legacy (outdated) authentication protocols, used by older client software such as Outlook 2013, do not support multi-factor authentication. So even if MFA is enabled, it is still possible to sign in to your tenant over these protocols without MFA. For that reason, attackers frequently use them. Blocking legacy authentication makes it harder for attackers to gain access.
CIS Benchmarks
This measure aligns with the following item from the Center for Internet Security (CIS) Microsoft 365 Foundations Benchmark:
- CIS M365 1.1.6 - (L1) Enable Conditional Access policies to block legacy authentication
What are the possible outcomes of the check?
This check has two possible outcomes. In Attic, this is reflected as follows:
- Okay: Legacy authentication protocols are actively blocked
- Critical: Legacy authentication is not blocked
How should this be followed up?
If the output is Critical, we advise disabling legacy authentication protocols for all users. Depending on your environment, there are two options:
- By enabling Security Defaults (see Check-1127)
- By executing our fix.
More information: Block legacy authentication - Azure Active Directory | Microsoft Docs
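One way to cross-check the result against the tenant's Conditional Access policies, as an added example that is not Attic's own check (which reads Secure Score): the Python below evaluates policy objects shaped like Microsoft Graph `conditionalAccessPolicy` resources. The sample policies, the placeholder object ID and the function names are constructed for illustration.

```python
# Added example. Input is a list of dicts shaped like Microsoft Graph
# conditionalAccessPolicy resources; the SAMPLE data below is constructed.
LEGACY_CLIENT_APP_TYPES = {"exchangeActiveSync", "other"}  # legacy client buckets

def blocks_legacy_auth(policy):
    """True if this one policy blocks legacy clients for all users and all apps."""
    if policy.get("state") != "enabled":   # report-only or disabled does not enforce
        return False
    cond = policy.get("conditions") or {}
    users = cond.get("users") or {}
    apps = cond.get("applications") or {}
    grant = policy.get("grantControls") or {}
    return (
        LEGACY_CLIENT_APP_TYPES <= set(cond.get("clientAppTypes") or [])
        and "All" in (users.get("includeUsers") or [])
        and "All" in (apps.get("includeApplications") or [])
        and "block" in (grant.get("builtInControls") or [])
    )

def exclusions(policy):
    """Excluded users/groups/roles: these accounts can still use legacy protocols."""
    users = (policy.get("conditions") or {}).get("users") or {}
    keys = ("excludeUsers", "excludeGroups", "excludeRoles")
    return {k: users[k] for k in keys if users.get(k)}

def evaluate(policies):
    """Return ("Okay" | "Critical", [(policy name, exclusions), ...])."""
    hits = [p for p in policies if blocks_legacy_auth(p)]
    if not hits:
        return "Critical", []
    return "Okay", [(p["displayName"], exclusions(p)) for p in hits]

def _policy(name, state, client_types, exclude_users=()):
    # Helper that builds a constructed sample policy.
    return {"displayName": name, "state": state,
            "conditions": {"clientAppTypes": list(client_types),
                           "users": {"includeUsers": ["All"],
                                     "excludeUsers": list(exclude_users)},
                           "applications": {"includeApplications": ["All"]}},
            "grantControls": {"operator": "OR", "builtInControls": ["block"]}}

SAMPLE = [
    _policy("Report-only draft", "enabledForReportingButNotEnforced",
            ["exchangeActiveSync", "other"]),
    _policy("EAS only", "enabled", ["exchangeActiveSync"]),
    _policy("Block legacy auth", "enabled", ["exchangeActiveSync", "other"],
            exclude_users=["00000000-0000-0000-0000-000000000001"]),  # placeholder ID
]

if __name__ == "__main__":
    print(evaluate(SAMPLE))
```

A policy that passes but lists exclusions deserves a follow-up review, since every excluded account remains reachable over legacy protocols.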