According to a recent review, Forbes experts are showing that the average PC has 14 vulnerabilities that can be weaponized by hackers. With this shocking number top of mind, it’s not surprising that Microsoft is always looking for ways to shore up their security levels. The latest move has Microsoft deprecating an older model that helps authenticate users on their Windows machines: Microsoft basic authentication.
IT professionals are now scrambling to ensure that all their managed PCs and users have been upgraded to the new Microsoft modern authentication standards. Here’s what you need to know to ensure you’re staying abreast of the latest challenges against your corporate computers.
Holden Watne, an IT services professional in Los Angeles offers up some tips to help local businesses make the change from Microsoft basic authentication.
Reduce Reliance on Blocked Standards
Support for basic authentication will end October 31, 2020, which means there are several older security standards that should be immediately reduced or eliminated from your lineup, including:
- Remote PowerShell
These are all considered to be risky protocols that are vulnerable to a password spray attack. These security standards are often used by older Microsoft platforms, which could predicate the need to upgrade your platforms before you’re able to take advantage of the more modern authentication methods.
Prepare for a “True” SSO Experience
Industry leaders have long bemoaned that a true Single Sign-On experience was impossible with Microsoft Outlook’s need for basic authentication. With the recent updates, you should now be able to introduce Microsoft’s modern authentication protocols, which will create a more seamless experience for your users. This new Active Directory Authentication Library (ADAL)-based method works across all Microsoft applications, providing an unprecedented new level of security for your business. Whether you decide on a smart card, MFA (multi-factor authentication) or certificate-based authentication, you will be helping ensure that your teams can easily access the applications that they use on a daily basis while also maintaining an adequate level of security.
Enable Modern Authentication on Skype for Business and Microsoft Exchange Online
If your tenant was created prior to August 2017, chances are that modern authentication is disabled in your instance. In this case, you’ll first need to reactivate the security protocols before you’re able to implement this enhanced security solutions. It’s important to note that this doesn’t impact IMAP and POP3 accounts, as these are already disabled in Exchange Online. Enabling modern authentication can be accomplished by:
- Running this command: Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
- Conversely, you can turn off modern authentication by running: Set-OrganizationConfig -OAuth2ClientProfileEnabled $false
- Run this PowerShell command to ensure the change was successful: Get-OrganizationConfig | Format-Table Name,OAuth* -Auto
While modern authentication is purportedly available for all devices and all applications, there are some applications that are lagging slightly behind — particularly for Mac or Android versions of these popular applications.
If you are currently using Microsoft Office 365 and have a mix of applications and platforms, it’s important to review your entire install base to reduce the possibility that you’ll overlook a particular combination of platform and application when performing your upgrades.
Maintaining a high degree of security is vital for your business — particularly in today’s dangerous environments. Without the latest Windows authentication firmly in place, you run the risk of cybercriminals gaining full access to your systems without your knowledge. Protecting your systems and confidential data requires having the latest security updates and access to new tools as they are being released. Work with local IT managed service partners to ensure you have the most recent information about potential security issues that could negatively impact your business.
Photos courtesy of gettyimages.com