Have you disabled Legacy Authentication in Azure AD?

Elias Atie | M365

Microsoft recently announced that 99% of all attacks using password spray techniques and 97% of attacks utilising password replay techniques have been targeted at legacy authentication protocols.

What does this mean for your organisation?

Even with MFA in place, many organisations still have holes in their identity management strategies that allow malicious attackers to completely bypass a second form of authentication!

Although you may have already deployed multifactor authentication using Conditional Access policies, it is common to see organisations that leave legacy authentication enabled. Legacy protocols cannot prompt for a second factor, so leaving them enabled allows attackers to completely bypass MFA.

The good news is that disabling legacy authentication doesn’t have to be painful. From the Azure portal, administrators can view every authentication method type being used in the tenant.

This allows administrators to determine what applications or services may still be relying on these legacy authentication protocols prior to disabling them.
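As an added example (not from the original post or from Microsoft), the script below inventories legacy-protocol sign-ins from a JSON export of the sign-in log, so you can see which accounts would break, and which are only being probed, before you block legacy authentication. It assumes the export uses the Microsoft Graph sign-in field names (`clientAppUsed`, `userPrincipalName`, `appDisplayName`, `status.errorCode`, `createdDateTime`) and that any client app other than the two modern values is legacy; the sample records and the `_rec` helper are constructed.

```python
import json
from collections import defaultdict

# Assumption: these clientAppUsed values mean modern authentication; any
# other non-empty value (IMAP4, POP3, Authenticated SMTP, ...) is legacy.
MODERN_CLIENTS = {"Browser", "Mobile Apps and Desktop clients"}

def _rec(when, user, client, code, app="Office 365 Exchange Online"):
    return {"createdDateTime": when, "userPrincipalName": user, "appDisplayName": app,
            "clientAppUsed": client, "status": {"errorCode": code}}

# Constructed sample, shaped like a JSON export of the sign-in log.
SAMPLE_EXPORT = json.dumps([
    _rec("2024-03-01T08:00:00Z", "scanner@contoso.example", "Authenticated SMTP", 0),
    _rec("2024-03-02T08:00:00Z", "scanner@contoso.example", "Authenticated SMTP", 0),
    _rec("2024-03-02T09:10:00Z", "alice@contoso.example", "Browser", 0),
    _rec("2024-03-02T09:11:00Z", "bob@contoso.example", "IMAP4", 50126),
    _rec("2024-03-02T09:12:00Z", "bob@contoso.example", "IMAP4", 50126),
    _rec("2024-03-03T07:30:00Z", "Dave@contoso.example", "POP3", 0),
])

def legacy_auth_inventory(export_json):
    """Summarise legacy-protocol sign-ins per (user, protocol, app)."""
    summary = defaultdict(lambda: {"success": 0, "failure": 0, "last_seen": ""})
    for rec in json.loads(export_json):
        client = (rec.get("clientAppUsed") or "").strip()
        if not client or client in MODERN_CLIENTS:
            continue  # modern or unknown client: not part of this inventory
        key = (rec.get("userPrincipalName", "").lower(), client,
               rec.get("appDisplayName", ""))
        ok = rec.get("status", {}).get("errorCode") == 0  # 0 = successful sign-in
        summary[key]["success" if ok else "failure"] += 1
        # ISO 8601 UTC timestamps in one format sort correctly as strings.
        summary[key]["last_seen"] = max(summary[key]["last_seen"],
                                        rec.get("createdDateTime", ""))
    return dict(summary)

def blocking_impact(inventory):
    """Users with successful legacy sign-ins, i.e. who rely on legacy auth."""
    return sorted({user for (user, _, _), e in inventory.items() if e["success"]})

if __name__ == "__main__":
    inv = legacy_auth_inventory(SAMPLE_EXPORT)
    for (user, client, app), e in sorted(inv.items()):
        print(f"{user:28} {client:20} {app:28} {e}")
    print("Depend on legacy auth:", blocking_impact(inv))
```

Entries with failures only and no successes, like the constructed IMAP4 rows, represent no working dependency, so blocking the protocol costs those accounts nothing.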

Have you disabled legacy authentication in your organisation?
