Modern Authentication vs. Legacy Authentication


"Modern authentication" is the term Microsoft uses to describe a set of authentication flows that enable access to Azure AD, Office 365 and Azure IaaS. Among other things, modern authentication includes web-based authentication, even for non-browser clients such as Microsoft Outlook. Modern authentication enables SSO, MFA and conditional access.

By contrast, some Office 365 services still support legacy authentication protocols. These protocols rely solely on passwords and cannot support SSO or MFA. Legacy authentication is used by IMAP, POP, SMTP and Exchange ActiveSync clients, and by older web clients relying on basic authentication. Microsoft still maintains legacy endpoints for backward compatibility. However, it recognizes that they are a weak link in its defenses and actively encourages its customers to disable them within their tenants.

The "security defaults" feature introduced by Microsoft in 2019 automatically disables legacy authentication protocols for all new tenants. If you have not already done so, you should migrate to the Office versions that support modern authentication (Office 2013 or later) and retire any other legacy clients. 

Immediate modernization considerations you should plan for include:

  • Upgrade Office and email clients to those that support modern authentication.
  • Enable modern authentication in all Office 365 services.
  • Block legacy authentication using Azure AD Conditional Access or security defaults.
  • Prepare for deprecation of basic authentication in Exchange Online before October 2020.
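
Before blocking legacy authentication, it helps to know which accounts still depend on it. The following is an added example, not code from the original page or from Microsoft: it inventories legacy sign-ins from exported sign-in records. The field names (`userPrincipalName`, `clientAppUsed`, `status.errorCode`), the set of modern client values and the sample records are assumptions to check against your own export.

```python
import json
from collections import defaultdict

# Assumption: clientAppUsed values that indicate a modern-authentication client.
# Any other non-empty value (IMAP4, POP3, Exchange ActiveSync, ...) counts as legacy.
MODERN_CLIENTS = {"Browser", "Mobile Apps and Desktop clients"}

# Constructed sample records (not real tenant data), shaped like exported sign-in entries.
SAMPLE_SIGNINS = json.loads("""[
 {"userPrincipalName": "alice@example.com", "clientAppUsed": "IMAP4", "status": {"errorCode": 0}},
 {"userPrincipalName": "Alice@example.com", "clientAppUsed": "IMAP4", "status": {"errorCode": 0}},
 {"userPrincipalName": "alice@example.com", "clientAppUsed": "Browser", "status": {"errorCode": 0}},
 {"userPrincipalName": "bob@example.com", "clientAppUsed": "Exchange ActiveSync", "status": {"errorCode": 0}},
 {"userPrincipalName": "carol@example.com", "clientAppUsed": "POP3", "status": {"errorCode": 50126}},
 {"userPrincipalName": "carol@example.com", "clientAppUsed": "Authenticated SMTP", "status": {"errorCode": 50126}},
 {"userPrincipalName": "dave@example.com", "clientAppUsed": "", "status": {"errorCode": 0}}
]""")

def classify(record):
    """Return 'modern', 'legacy' or 'unknown' for one sign-in record."""
    client = (record.get("clientAppUsed") or "").strip()
    if not client:
        return "unknown"  # missing field: do not guess, report separately
    return "modern" if client in MODERN_CLIENTS else "legacy"

def legacy_inventory(records):
    """Return ({user: {client: {'success': n, 'failure': n}}}, unknown_count)."""
    inventory = defaultdict(lambda: defaultdict(lambda: {"success": 0, "failure": 0}))
    unknown = 0
    for rec in records:
        kind = classify(rec)
        if kind == "unknown":
            unknown += 1
        elif kind == "legacy":
            user = rec["userPrincipalName"].lower()  # UPNs are case-insensitive
            ok = (rec.get("status") or {}).get("errorCode") == 0
            inventory[user][rec["clientAppUsed"].strip()]["success" if ok else "failure"] += 1
    return {u: dict(c) for u, c in inventory.items()}, unknown

def needs_migration(inventory):
    """Users with a working legacy client; blocking legacy auth will break these sign-ins."""
    return sorted(u for u, clients in inventory.items()
                  if any(c["success"] for c in clients.values()))

if __name__ == "__main__":
    inv, unknown = legacy_inventory(SAMPLE_SIGNINS)
    print("migrate first:", needs_migration(inv))
    print("records without clientAppUsed:", unknown)
```

Accounts that appear in the inventory with failures only have no working legacy client to migrate, so blocking legacy authentication will not interrupt them.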

Binary Tree is a specialized cloud migration partner here to help. Get expert guidance to simplify and accelerate your move to a more secure cloud environment. Contact us today, and let’s go forward together!