Microsoft Entra ID supports a wide range of authentication protocols, including legacy authentication, to provide a simple access to cloud applications. According to Microsoft’s investigation, archaic authentication mechanisms are used in over 97% of credential stuffing attacks and over 99% of password spray attacks. If basic authentication was restricted or removed, these assaults would end.
The best approach to block legacy authentication is via Microsoft Entra Conditional Access but lets see how to doit in specific service like SharePoint online.
Go to SharePoint admin center:
https://YourTenantName-admin.sharepoint.com/_layouts/15/online/AdminHome.aspx#/home
Go to Policies, Access control, App tha don’t use modern authentication.
Select block access and click save.
Some third-party apps and previous versions of Office can’t enforce device-based restrictions. Use this setting to block all access from these apps.
More info:
https://learn.microsoft.com/en-us/entra/identity/conditional-access/block-legacy-authentication
Thanos is an IT Manager that led Intralot the cloud migration project to Microsoft Azure. The project was the largest migration in Central and Eastern Europe (CEE Region) to Microsoft Azure for the year 2021. Manage and lead large IT projects, including the design and deployment of existing – new IT systems and services. Responsible for leading, developing, and managing the staff that develops, supports and maintains technical solutions within the Group Enterprise IT consists of the Systems Engineer Team, Network Team, and End Users Support Teams. Also, I operate as a technical lead and subject matter expert in providing end-to-end engineering advice and support in respect of one or more areas of Complex Infrastructure systems services. Skilled in a variety of Suites, Computer Science, IAAS, and Strong information technology professional.
MSc in CyberSecurity at the University of West Attica, Bachelor focused in Computer Science at the Hellenic Open University. Certified by Microsoft, VMware, PeopleCert: ITIL, MCP, VCP, Azure Fundamentals, Azure Virtual Desktop Specialty, Azure Administrator Associate, Azure Security Engineer Associate, Microsoft Azure Solution Architect Expert.