Improving Security - Together - Through Modern Authentication

Making it harder for the bad guys

For many years, client apps have used Basic Authentication to connect to servers, services and endpoints. It is enabled by default on most servers and services and it’s super simple to set up. Basic Authentication simply means the application sends a username and password with every request (often stored or saved on the device).

Basic Authentication makes it easier for attackers—armed with today’s tools and methods—to capture users’ credentials, which in turn increases the risk of criminal breach. Multi-factor authentication (MFA) offers another roadblock to stop bad actors.

Simply put, there are better and more effective alternatives to authenticate users available today. We are actively recommending to customers to adopt security strategies that apply real–time policies when users and devices are accessing corporate information. This allows for intelligent decisions to be made regarding who is trying to access what from where on which device rather than simply trusting a simple username and password (which could be a Bad Actor impersonating a user).

With these threats and risks in mind, we’re taking steps to improve data security in Exchange Online.

What Is Changing

Last year Microsoft announced they are turning off Basic Authentication for Exchange Web Services and Exchange Online products in October 2020. COVID-19 has pushed back the date, but the need for advanced security remains—in fact, it’s needed more than ever due to online threat activity levels.

We are asking for your help to move away from apps that use Basic Authentication to those that use Modern Authentication. Modern Authentication has many benefits and improvements that help mitigate the issues present in Basic Authentication. Enabling and enforcing multi-factor authentication is also very simple with this updated method.

How This Impacts You

This change might affect some of your users or apps, so we wanted to provide additional information to help you in identifying and deciding upon an action plan.

Finding impacted users

The next action you really need to be thinking about is assessing impact to your business. The first question you probably have is – so how do I know who at my business is using Basic Authentication? Great question, and we are here to help you determine that.

Once we understand what your users use, and know if they are using Basic or Modern Authentication, what can you do about it? Each of the impacted protocols have an easy solution that many customers already have access to.

Latest Microsoft 365 (formerly known as Office 365)

The current version of Microsoft 365 (including Outlook, Word, and Excel) includes Modern Authentication. By porting over current apps to this standard, we can eliminate the security issues that are presented (as well as the basic authentication standards that are being phased out).

We believe the best mobile device client to use when connecting to Exchange Online is Outlook mobile. Trusted by over 100M users across the world, Outlook mobile fully integrates modern Microsoft mobility and security capabilities. Outlook mobile helps you secure your users and your corporate data, and it natively supports Modern Authentication.

Summary

We know the change from Basic Auth to Modern Auth will potentially cause some disruption. For some users, change can bring challenge, but we want to do this together to improve security, protecting your and your users’ data. Disabling Basic Authentication and requiring Modern Authentication with MFA is one of the best things you can do to improve the security of your data and is a key component to a cyber security plan.

To learn more about MFA, check out this link from Microsoft: https://docs.microsoft.com/en-us/azure/active-directory/user-help/multi-factor-authentication-end-user-first-time .

We know this is big news for some and we’re here to help! Contact us for more information!

The Certified CIO Team

Tabbie Coulter

great professional service and very timely!! would highly recommend for your IT needs.

Jessie Palma

I love this company. They have soo much talent there and they always fix it so quickly! They are very professional and courteous! I've gotten to know some of them because we treat each other like human beings :) It's like having an extended family.

Fernando Perez

Awesome management! Great company.

Joseph Silbaugh

I needed to add an older laptop to the business account for my use on the road. CIO did everything remotely for me. It made the task so easy. They updated everything, added my office 365, my 3 emails and checked everything. Great job, quick and efficiently no stress. I recommend them highly

Kay Westerhold

Always a quick response. Issue solved and can continue on with the task every time. Great job CCIO!!

Bill Fissell

The service was prompt, friendly and knowledgeable. Could not ask for more than that.

Kevin Slack

Upgraded our router with Comcast. It did not go smoothly until Steve Plumlee got involved and got everything working well. When Steve is working on our IT issues, they get resolved. Amen.

Hickory Falls Family Entertainment Center

Thanks for going more in-depth with your engineers and investigating solutions and resolving some of our email challenges.

Bill Moorman

Certified CIO is a smart, professional and friendly team of engineers to work with. I am a bright person but computers can make me feel incompetent. The team at Certified CIO never allows you to feel awkward even asking the most basic questions. You have been a lifeline many times. Thanks for your support.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Better IT for Business. Call Today!
(717) 340-6000
(443) 283-0666

Improving Security – Together – Through Modern Authentication

Better IT for Business. Call Today! (717) 340-6000 (443) 283-0666

Improving Security – Together – Through Modern Authentication

Share This Story, Choose Your Platform!

Better IT for Business. Call Today!
(717) 340-6000
(443) 283-0666