Legacy auth: how to tackle it!
Microsoft will disable basic auth in October 2022.
There is no reason to wait with moving to modern auth until Microsoft forces you to do so. There are BIG SECURITY RISKS in using legacy auth protocols.
In this video I will explain where you can identify these protocols and the authentication mechanic that attackers use to find out if they filled in the correct password, even if you're blocking legacy auth with a Conditional Access policy. Using only a CA policy to block legacy protocols will lead to alert spam from Identity Protection and Microsoft Defender for Cloud Apps.
I will also introduce you to the legacy auth workbook in Azure Active Directory, where you can start planning your move to Modern Auth. This workbook will show you which account is still using which protocol. From there you can pivot to the application that is still using it.
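As an added example (not from the video or from Microsoft), the Python sketch below does the same triage over exported sign-in records: it lists which account still uses which legacy protocol and flags accounts where a Conditional Access block followed failed legacy attempts, which means the password was correct when the block fired. It assumes records shaped like the Microsoft Graph `signIn` resource and chronological order; the `triage` and `rec` helpers, the sample accounts and the protocol subset are constructed for illustration.

```python
from collections import defaultdict

# Legacy values of clientAppUsed (a subset; extend it for your tenant).
LEGACY_CLIENTS = {"IMAP4", "POP3", "Authenticated SMTP", "Exchange ActiveSync",
                  "Exchange Web Services", "MAPI Over HTTP", "Other clients"}
BAD_PASSWORD = 50126   # invalid username or password
BLOCKED_BY_CA = 53003  # password accepted, then blocked by Conditional Access

def rec(user, client, code, app="Office 365 Exchange Online"):
    """Build one constructed record with the fields this example reads."""
    return {"userPrincipalName": user, "clientAppUsed": client,
            "appDisplayName": app, "status": {"errorCode": code}}

# Constructed sample records, oldest first.
SAMPLE = [
    rec("alice@contoso.example", "IMAP4", 0),
    rec("bob@contoso.example", "POP3", BAD_PASSWORD),
    rec("bob@contoso.example", "POP3", BAD_PASSWORD),
    rec("bob@contoso.example", "POP3", BLOCKED_BY_CA),
    rec("carol@contoso.example", "Browser", 0),
    rec("dave@contoso.example", "Authenticated SMTP", BLOCKED_BY_CA),
]

def triage(signins):
    """Return (usage, guessed): who uses which legacy protocol, and which
    accounts hit a CA block after failed legacy password attempts."""
    usage = defaultdict(set)     # user -> {(protocol, application)}
    failures = defaultdict(int)  # user -> failed legacy attempts so far
    guessed = set()
    for s in signins:
        proto = s.get("clientAppUsed")
        if proto not in LEGACY_CLIENTS:
            continue
        user = s["userPrincipalName"].lower()
        code = s.get("status", {}).get("errorCode")
        if code == BAD_PASSWORD:
            failures[user] += 1
        elif code in (0, BLOCKED_BY_CA):
            # The password was valid in both cases: plan a migration for it.
            usage[user].add((proto, s.get("appDisplayName")))
            if code == BLOCKED_BY_CA and failures[user]:
                guessed.add(user)  # earlier guesses, now a correct password
    return dict(usage), guessed

if __name__ == "__main__":
    usage, guessed = triage(SAMPLE)
    for user, pairs in sorted(usage.items()):
        print(user, sorted(pairs))
    print("reset password for:", sorted(guessed))
```

An account such as the sample's `dave`, blocked without earlier failures, is more likely an application that still needs migrating than a guessed password.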
0:00 – intro for IT nerds
2:07 – Microsoft announcing the end of Basic Auth/legacy auth
3:10 – What protocols are considered as Legacy authentication?
4:38 – The risk behind legacy auth
5:54 – Why is a CA policy not sufficient for blocking Legacy auth?
7:10 – How I propose you should block Legacy auth
8:19 – Identify who is still using legacy auth in your tenant