It is well known that the Cyberattacker will use any means that they can in order to break through your walls of defenses.  One such method is to ascertain whether you are using old network protocols in your IT Infrastructure.  Many of them are now outdated, and because of that, the latest software patches, upgrades, and firmware cannot be used to fill any holes or gaps in them.

Because of this, Microsoft will soon be disabling all legacy protocols in both Azure and M365 platforms.

Identifying What Protocols You Have

The first step is to identify which legacy apps your systems are still running.  To accomplish this task, follow these steps:

  • Log into the Azure Active Directory.
  • Go to Sign Ins.
  • If it is not already there, install the Client App functionality by:
    • Clicking on “Columns”.
    • Then click on “Client App”.
  • At the Client App:
    • Check mark “Legacy Authentication Protocols”.
  • Click on:
    • “Status”.
    • Then click on “Success”.
  • Select the appropriate date range from which you are trying to ascertain if any legacy protocols are still being used.

It is important to note that these procedures will do nothing more than tell you who is still using legacy protocols, and which ones.  The next step is to implement what is known as “Modern Authentication”, which is detailed in the next section.
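The same filter (legacy client app, successful status, date range) can be applied to sign-in records outside the portal. The PowerShell below is an added example, not code from the original article or from Microsoft. It assumes records shaped like the Microsoft Graph signIn resource (userPrincipalName, clientAppUsed, createdDateTime, status.errorCode); the function name Get-LegacyAuthSummary, the list of legacy client app names, and the sample records are constructed for illustration.

```powershell
# Client app names treated as legacy authentication (assumed list; compare it
# with the values your own sign-in log shows in the "Client App" column).
$LegacyClientApps = @(
    'Authenticated SMTP', 'AutoDiscover', 'Exchange ActiveSync',
    'Exchange Web Services', 'IMAP4', 'MAPI Over HTTP', 'Offline Address Book',
    'Other clients', 'Outlook Anywhere (RPC over HTTP)', 'POP3'
)

function Get-LegacyAuthSummary {
    param(
        [Parameter(Mandatory)] [object[]] $SignIn,
        [Parameter(Mandatory)] [datetimeoffset] $From,
        [Parameter(Mandatory)] [datetimeoffset] $To
    )
    $SignIn |
        Where-Object {
            # Keep: Status = Success (errorCode 0), legacy client, inside the date range.
            $when = [datetimeoffset] $_.createdDateTime
            ($_.status.errorCode -eq 0) -and
            ($_.clientAppUsed -in $LegacyClientApps) -and
            ($when -ge $From) -and ($when -lt $To)
        } |
        Group-Object userPrincipalName, clientAppUsed |
        ForEach-Object {
            [pscustomobject]@{
                User      = $_.Group[0].userPrincipalName
                ClientApp = $_.Group[0].clientAppUsed
                SignIns   = $_.Count
                LastSeen  = $_.Group | ForEach-Object { [datetimeoffset] $_.createdDateTime } |
                            Sort-Object | Select-Object -Last 1
            }
        } |
        Sort-Object SignIns -Descending
}

# Constructed sample records (not real tenant data).
$sample = @'
[
 {"userPrincipalName":"alice@example.test","clientAppUsed":"IMAP4","createdDateTime":"2023-03-02T08:15:00Z","status":{"errorCode":0}},
 {"userPrincipalName":"alice@example.test","clientAppUsed":"IMAP4","createdDateTime":"2023-03-09T08:20:00Z","status":{"errorCode":0}},
 {"userPrincipalName":"bob@example.test","clientAppUsed":"POP3","createdDateTime":"2023-03-05T11:00:00Z","status":{"errorCode":0}},
 {"userPrincipalName":"bob@example.test","clientAppUsed":"Browser","createdDateTime":"2023-03-05T11:05:00Z","status":{"errorCode":0}},
 {"userPrincipalName":"carol@example.test","clientAppUsed":"Authenticated SMTP","createdDateTime":"2023-03-06T09:00:00Z","status":{"errorCode":50126}},
 {"userPrincipalName":"dave@example.test","clientAppUsed":"Exchange ActiveSync","createdDateTime":"2023-01-15T14:00:00Z","status":{"errorCode":0}}
]
'@ | ConvertFrom-Json

Get-LegacyAuthSummary -SignIn $sample -From '2023-03-01T00:00:00Z' -To '2023-04-01T00:00:00Z' | Format-Table
```

With the sample data, only alice (IMAP4, two sign-ins) and bob (POP3, one sign-in) are reported: the browser sign-in is not legacy, carol's attempt failed, and dave's falls outside the date range.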

How To Implement Modern Authentication

This new functionality from Microsoft makes sure not only that the latest network protocols are being used by your software applications, but also that the usage of Multifactor Authentication (MFA) is strictly enforced.  To accomplish this, follow the steps below:

  • In order to confirm that your Cloud based deployment can indeed support Modern Authentication, enter in the following command:

Get-CsOAuthConfiguration

You can also retrieve this from the PowerShell Module.

  • If the above command line returns this value:

OAuthServers

It means that Modern Authentication has not been set up, or for some reason, it has been disabled.  To get it up and running, enter in the following command:

Set-CsOAuthConfiguration

But if you do have Modern Authentication already running, it is very important that you follow these procedures first, before deploying Modern Authentication to your Azure and M365 apps.  If these procedures are not followed, your apps will automatically revert to the legacy protocols.

Deploying Modern Authentication On Your Apps

For M365

By default, any apps that are running Office 2016 or later will be automatically running Modern Authentication.  However, any earlier version will still be running the legacy protocols, and thus will not support any kind of attempt to make it run Modern Authentication.  In this case, Microsoft highly recommends that you upgrade to the latest version of Office.

However, if you still want to try to run Modern Authentication on the older versions, then you should follow the steps that are outlined here.  Even if you are successful at doing this, there is no guarantee that Modern Authentication will be supported, as there is a good probability that whatever apps you are running in Office 2013 will revert back to the legacy protocols at some subsequent point in time.

SharePoint & Exchange

The same holds true for the E-mail protocols as well.  If you are currently running the latest version of Exchange, then Modern Authentication will be automatically enabled.  Any older versions of Exchange will be using the legacy protocols, and it will be quite difficult to upgrade them.

With regard to SharePoint, any applications running after August 1, 2017, will automatically support Modern Authentication.  Anything previous will still be using the old protocols.  Therefore, in both instances, Microsoft also strongly recommends that you update to the latest versions of both.

But if you still want to try to upgrade these to Modern Authentication, follow the procedures as detailed here.  Once again, there are no guarantees that this will work.

Mobile Devices

It is also highly recommended that any mobile devices that your employees use to conduct their daily job tasks are running Modern Authentication as well.  The easiest way to do this is to ensure that they have “Outlook for Mobile” installed onto their wireless device.  This will also support any MFA format that you have set up in Microsoft Azure as your employees try to access the shared resources.

However, it is important to note that “Outlook for Mobile” will run only on iOS devices that are running Version 11 or higher.

Conclusions

Overall, it is very important to make sure that you are running Modern Authentication, not only from the standpoint of Cybersecurity, but also so that your apps stay in sync with one another by using the latest protocols.

If you have any questions or need help with this, contact us today.


Sources

  • https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/concept-fundamentals-block-legacy-authentication