Account/Authentication - Azure Active Directory - Ensure Modern Authentication for SharePoint Applications is Required

 






Summary

The option of modern authentication in Microsoft 365 enables authentication features like Multifactor Authentication (MFA) using smart cards, Certificate-based Authentication (CBA), and third-party SAML identity providers.

Reason

Authentication controls like MFAs can be circumvented if basic authentication is used by SharePoint Applications. Additionally, requiring modern authentication for SharePoint applications ensures that strong authentication mechanisms are used when establishing sessions between these applications, SharePoint, and connecting users.

What If?

If modern authentication for SharePoint is implemented, then, users will have to authenticate to SharePoint using modern authentication. This may cause a minor impact to typical user behavior.

How to?

To set SharePoint settings, use the Microsoft 365 Admin Center:
  1. Under Admin centers select SharePoint.
  2. Expand the Policies section, and then choose Access control.
  3. Select Apps that don't use modern authentication.
  4. Select the radio button for Block access.
  5. Click Save.

To set Apps that don't use modern authentication is set to Block, use the SharePoint online PowerShell mode:

  1. Connect to SharePoint Online using Connect -SPOService -Url https://tenant-admin.sharepoint.com replacing tenant with your value.
  2. Run the following SharePoint Online PowerShell command-

Set -SPOTenant -LegacyAuthProtocolsEnabled $false

Monitor:

To verify SharePoint settings, use the Microsoft 365 Admin Center:
  1. Under Admin centers select SharePoint.
  2. Expand the Policies section, and then choose Access control.
  3. Select Apps that don't use modern authentication and make sure that it is set to Block access.

To verify Apps that don't use modern authentication is set to Block, use the SharePoint online PowerShell mode:

  1. Connect to SharePoint Online using Connect -SPOService -Url https://tenant-admin.sharepoint.com replacing tenant with your value.
  2. Run the following SharePoint Online PowerShell command-

Set -SPOTenant | ft LegacyAuthProtocolsEnabled

      3. Verify LegacyAuthProtocolsEnabled is set false.

















Comments

Popular posts from this blog

Deployment (Part 3)

Project Resourcing (Part 2)

Design Planning (Part 3)