

If Basic authentication has been disabled in your tenant and users and apps are unable to connect, you have until Dec 31, 2022, to re-enable the affected protocols. Follow the re-enablement process in this blog. Once that date has passed, you (or support) cannot re-enable Basic authentication in your tenant. Read the rest of this article to fully understand the changes we're making and how these changes might affect you.

For many years, applications have used Basic authentication to connect to servers, services, and API endpoints. Basic authentication simply means the application sends a username and password with every request, and those credentials are also often stored or saved on the device. Traditionally, Basic authentication is enabled by default on most servers or services, and is simple to set up.

Simplicity isn't at all bad, but Basic authentication makes it easier for attackers to capture user credentials (particularly if the credentials are not protected by TLS), which increases the risk of those stolen credentials being reused against other endpoints or services. Furthermore, the enforcement of multifactor authentication (MFA) is not simple or, in some cases, possible when Basic authentication remains enabled.

Basic authentication is an outdated industry standard. Threats posed by it have only increased since we originally announced that we were going to turn it off (see Improving Security - Together). There are better and more effective user authentication alternatives.

We actively recommend that customers adopt security strategies such as Zero Trust (Never Trust, Always Verify), or apply real-time assessment policies when users and devices access corporate information.
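An added example, not part of the original article: because Basic authentication sends the username and password with every request, and the `Authorization` header value is only base64-encoded, anyone who sees one request can recover the password without a key. The sketch below decodes such headers and tallies which accounts still send them, including over cleartext HTTP; the sample requests, account name and function names are constructed for illustration.

```python
import base64
import binascii


def basic_header(user, password, scheme="Basic"):
    """Build the header value a Basic client sends on every request (RFC 7617)."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"{scheme} {token}"


def parse_basic(header):
    """Return (username, password) for a well-formed Basic header, else None."""
    scheme, _, token = header.strip().partition(" ")
    if scheme.lower() != "basic":          # scheme names are case-insensitive
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None                        # malformed token, not a usable credential
    user, sep, password = decoded.partition(":")   # user-id cannot contain ':'
    return (user, password) if sep else None


def audit(requests):
    """Per account: requests that carried a reusable password, and how many
    of those travelled without TLS. The password itself is never recorded."""
    findings = {}
    for transport, header in requests:
        creds = parse_basic(header)
        if creds is None:
            continue
        entry = findings.setdefault(creds[0], {"requests": 0, "cleartext": 0})
        entry["requests"] += 1
        if transport.lower() != "https":
            entry["cleartext"] += 1
    return findings


# Constructed sample records: (transport, Authorization header value).
SAMPLE_REQUESTS = [
    ("https", basic_header("alice@example.com", "constructed-pw")),
    ("http", basic_header("alice@example.com", "constructed-pw", scheme="basic")),
    ("https", "Bearer constructed.token.value"),       # token-based, ignored
    ("https", "Basic !!!not-base64!!!"),                # malformed, ignored
    ("https", "Basic " + base64.b64encode(b"nocolon").decode("ascii")),
]

if __name__ == "__main__":
    print(audit(SAMPLE_REQUESTS))
```

Both of the account's requests expose the same long-lived secret; TLS only changes who is in a position to read it.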
