Enable Modern Authentication in Office 365: Basic Authentication vs. Modern Authentication

Yash Sinha | Updated On - January 18, 2023

Advances in technology keep redefining traditional approaches and infrastructure. In this digital era, most of our data is stored online, where cyber attackers can access or steal it if we don’t take any security measures. Hence, taking preventive action is essential for Microsoft 365 users to avoid security breaches. According to the Verizon report, most data breaches are caused by compromised credentials used in the authentication process. Malicious actors use various techniques to steal users’ credentials, including credential phishing, social engineering, and brute force attacks.

To strengthen the security of Microsoft 365 logins and protect against data breaches, Microsoft has introduced a method named Modern Authentication. Because it combines the authentication and authorization processes, the security mechanism does not rely only on the user’s credentials, which makes it more secure than the Basic Authentication method. Hence, you need not worry about the security of Microsoft 365 mailboxes.

To understand how Modern Authentication enhances the security mechanism, you first need to know how the Basic Authentication method works.

Basic Authentication

Basic Authentication is the traditional way of logging into your Microsoft 365 account using a username and password. When an app or add-in authenticates against the Microsoft account with Basic Authentication, the user must enter their credentials to access its services. It means that your credentials have already been saved in the server for authentication purposes, creating an opportunity for hackers to steal users’ credentials.

Another reason behind the deprecation of Basic Authentication is that you can’t set the application permission scope. Hence, every application can access all of the user’s data. In addition, it doesn’t offer Multi-Factor Authentication or Conditional Access to make the authentication process more secure.

Modern Authentication

Modern Authentication is more secure than Basic Authentication as it is a combination of authentication and authorization methods. It is based on the Active Directory Authentication Library (ADAL) and OAuth 2.0. In Modern Authentication, the application doesn’t store the user’s credentials, and tokens are used for the authentication process. Once the token is utilized for logging into the account, it is given back to the application. These tokens can’t be misused as they have a limited lifetime, and they become invalid after that.

  • Active Directory Authentication Library: This authentication mechanism provides access to the secured resources for an application via security tokens. For seamless access to Microsoft 365 resources, it also offers the SSO (Single Sign-On) feature.
  • OAuth 2.0: In this authorization protocol, the client application accesses resources via access tokens. This protocol provides access without sharing your credentials with the resource server.

You can also define a permission scope in Microsoft 365 that restricts data access for specific applications. Furthermore, Modern Authentication offers Multi-Factor Authentication (MFA), which requires additional verification factors to gain access to a particular resource. The factor can be a fingerprint, face recognition, or a memorized PIN. MFA works with Conditional Access policies and requires a one-time token in the authentication process.

How to Enable Modern Authentication in Office 365?

There are different methods for enabling Modern Authentication in Office 365. You can choose whichever method suits you.

Using the Microsoft admin center

Perform the steps below to set up Modern Authentication in Office 365 through the admin center.

  • First, browse https://admin.microsoft.com to access the admin center with your global admin credentials.
  • From the listed menu, click on Settings -> Org settings.
  • Next, select Modern Authentication, listed under the Services tab.
  • After that, click to enable Modern Authentication for Outlook 2013 for Windows and later.
  • Finally, click Save.

Using the Exchange Online PowerShell

If you want to do the same using Exchange Online PowerShell, follow the steps below:

  • First, connect to Exchange Online PowerShell with your Microsoft 365 account.
  • If you are using Outlook 2013 or a later version, run the command below to enable Modern Authentication:
    Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
  • To verify that Modern Authentication has been enabled, run the following command:
    Get-OrganizationConfig | Format-Table Name,OAuth* -Auto
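
The three steps above combined into one script, as an added example that is not part of the original article: it connects, reads the current setting, enables Modern Authentication only if it is off, and re-reads the setting to confirm the change. It assumes the ExchangeOnlineManagement module is installed; the function name Enable-ModernAuth and the admin address are placeholders.

```powershell
# Added example, not from the original article.
# Assumptions: the ExchangeOnlineManagement module is installed and the
# signed-in account is allowed to run Set-OrganizationConfig.
#Requires -Modules ExchangeOnlineManagement

function Enable-ModernAuth {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$AdminUpn   # placeholder value is supplied by the caller
    )

    $ErrorActionPreference = 'Stop'

    # Step 1: connect to Exchange Online PowerShell (interactive sign-in).
    Connect-ExchangeOnline -UserPrincipalName $AdminUpn -ShowBanner:$false
    try {
        # Record the state before touching anything.
        $before = (Get-OrganizationConfig).OAuth2ClientProfileEnabled
        Write-Verbose "OAuth2ClientProfileEnabled before change: $before"

        if ($before) {
            Write-Output 'Modern Authentication is already enabled; no change made.'
            return
        }

        # Step 2: enable Modern Authentication for the organization.
        Set-OrganizationConfig -OAuth2ClientProfileEnabled $true

        # Step 3: re-read the setting instead of assuming the change applied.
        $after = (Get-OrganizationConfig).OAuth2ClientProfileEnabled
        if (-not $after) {
            throw 'OAuth2ClientProfileEnabled is still False after Set-OrganizationConfig.'
        }
        Write-Output 'Modern Authentication is now enabled.'
    }
    finally {
        # Always close the session, including on errors and early return.
        Disconnect-ExchangeOnline -Confirm:$false
    }
}

# Placeholder admin account; replace with your own.
Enable-ModernAuth -AdminUpn 'admin@contoso.example' -Verbose
```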

Conclusion

Modern Authentication in Microsoft 365 is necessary to protect your data, as using a simple set of credentials in the authentication process is not enough for security protection. Enabling Modern Authentication offers Multi-Factor Authentication (MFA) and allows you to restrict data access for applications.

For the protection of Office 365 applications, you should have a comprehensive backup solution like Kernel Office 365 Backup & Restore. This popular tool can back up your mailboxes, shared and archive mailboxes, public folders, and groups, offering multiple output formats such as PST, DOCX, DOC, PDF, and HTML. It supports Modern Authentication for Microsoft 365 login and is capable of automating backup using an inbuilt CSV file. In addition, it allows you to set smart filters for choosing only the required data.