Microsoft recently announced that 99% of all attacks using password spray techniques and 97% of attacks utilising password replay techniques have been targeted at legacy authentication protocols.
What does this mean for your organisation?
Even with MFA in place, many organisations still have holes in their identity management strategies that allow malicious attackers to completely bypass a second form of authentication!
Although you may have already deployed multifactor authentication using Conditional Access policies, it is common to see organisations who leave legacy authentication enabled which allows attackers to completely bypass MFA.
The good news is that disabling legacy authentication doesn’t have to be painful. Microsoft allows administrators to view all authentication method types being utilized from the Azure portal.
This allows administrators to determine what applications or services may still be relying on these legacy authentication protocols prior to disabling them.
Have you disabled legacy authentication in your organisation?
Got questions, ideas, or just want to chat? We'd love to hear from you! Reach out to us anytime, and we'll get back to you with all the help and information you need.
