Exchange online client forcing login
![exchange online client forcing login exchange online client forcing login](https://i.stack.imgur.com/evSjI.png)
![exchange online client forcing login exchange online client forcing login](https://developers.google.com/adwords/api/images/playground-settings.png)
#Exchange online client forcing login password
So, while the user may still provide a username and password (for now see more below), it is used to authenticate with an identity provider to generate a token for access. While each are different in their execution, they all aim to move away from the classic username\password method and instead rely on token-based claims. Some examples of Modern Authentication protocols are SAML, WS-Federation, and OAuth. Modern Authentication is not a single authentication method, but instead a category of several different protocols that aim to enhance the security posture of cloud-based resources. Additionally, the entire basis of basic authentication is predicated on a very simplistic and archaic username\password architecture that Microsoft is trying to eliminate. Second, the password will be cached (and possibly permanently stored) within the browser, creating another surface for compromise. First, the authentication header is sent with each request, so the opportunity to capture credentials is practically unlimited. However, even when HTTPS is used, there are still a number of vulnerabilities for Basic Auth. For this reason, Basic Auth needed to be combined with SSL to encrypt the headers (Remember the adage: NEVER authenticate to a website that is not SSL protected) and protect the user’s credentials. Username and password were contained in a single header field, in plain text, base64 encoding. Authentication for internet resources would typically use Basic Authentication, which has the benefit of being very simple.
#Exchange online client forcing login how to
As you are now aware of Microsoft’s timeline, we’ll dive a little deeper into some of the technical details and how to tell if you have any clients that are connecting to Azure Active Directory via legacy protocols.īeyond “security!”, why is Microsoft forcing this switch? To answer that question, it is best to understand a little about what we are coming from and where we are going to.įor years, Windows (and other systems) have relied on protocols like CHAP, NTLM, and Kerberos, which don’t work particularly well over the internet. A few weeks back, my colleague Brian Podolsky wrote a blog post article detailing the deprecation of legacy authentication in favor of modern authentication for Exchange Online.