Identify Basic Authentication logins for Exchange Online in Azure AD
Microsoft has announced several times that they are deprecating Basic Authentication for Exchange Online soon, possibly this month (January 2023).
A recent post has information about the deprecation and how to prepare for it.
I wanted to write down how to identify any Basic Authentication usage in your environment from that post and simplify it to just a few clicks. This is a good way to identify any applications that are using Basic Authentication and need to be updated before they get blocked.
Navigate to the Azure AD portal and sign in to Azure AD with an account that has Global Administrator permissions.
Select Azure Active Directory > Sign-in logs.
Add some filters in the top bar, specifying the time range you want to search. For Client app, select all options that are under the “Legacy Authentication Clients” section of the dropdown.
To filter out the brute force login attempts, change Result type to Success.
This list will give you all of the sign-in attempts that are using Basic Authentication. You can then use this list to identify the applications that are using Basic Authentication and update them before they get blocked.
The easiest way to get these logins remediated is to implement an Azure AD Conditional Access policy that blocks or audits Basic Authentication. You can then use this information and contact the application owners or users to get these methods updated.
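The same filter as the portal steps above (legacy client app, successful result), applied offline to sign-in records exported as JSON and rolled up per user and client so you know whom to contact. This is an added example, not part of the original post; it assumes the records use the Microsoft Graph signIn field names, and the client app labels and all sample records are constructed.

```python
import json
from collections import defaultdict

# Assumption: labels as listed under "Legacy Authentication Clients" in the
# portal's Client app filter; adjust to the values present in your export.
LEGACY_CLIENT_APPS = {
    "Authenticated SMTP", "AutoDiscover", "Exchange ActiveSync",
    "Exchange Online PowerShell", "Exchange Web Services", "IMAP4",
    "MAPI Over HTTP", "Offline Address Book", "Other clients",
    "Outlook Anywhere (RPC over HTTP)", "POP3", "Reporting Web Services",
}

def _rec(upn, client, code, when, app="Office 365 Exchange Online"):
    """Build one constructed record using Microsoft Graph signIn field names."""
    return {"userPrincipalName": upn, "clientAppUsed": client,
            "appDisplayName": app, "createdDateTime": when,
            "status": {"errorCode": code}}

# Constructed sample data, not real log output.
SAMPLE_EXPORT = json.dumps([
    _rec("alice@example.com", "IMAP4", 0, "2023-01-03T08:00:00Z"),
    _rec("Alice@example.com", "IMAP4", 0, "2023-01-05T09:30:00Z"),
    _rec("scanner@example.com", "Authenticated SMTP", 0, "2023-01-04T12:00:00Z"),
    _rec("bob@example.com", "POP3", 50126, "2023-01-04T12:01:00Z"),   # failed guess
    _rec("carol@example.com", "Browser", 0, "2023-01-04T12:02:00Z"),  # modern auth
    {"userPrincipalName": "dave@example.com", "clientAppUsed": "POP3"},  # no status
])

def is_successful_legacy(rec):
    """Same filter as the portal steps: legacy client app AND result Success."""
    status = rec.get("status") or {}
    return (rec.get("clientAppUsed") in LEGACY_CLIENT_APPS
            and status.get("errorCode") == 0)

def summarize(records):
    """Return (user, client app, application, count, last seen), busiest first."""
    groups = defaultdict(lambda: [0, ""])
    for rec in filter(is_successful_legacy, records):
        key = (rec.get("userPrincipalName", "").lower(),
               rec["clientAppUsed"], rec.get("appDisplayName", ""))
        groups[key][0] += 1
        # ISO 8601 UTC timestamps of one format compare correctly as strings.
        groups[key][1] = max(groups[key][1], rec.get("createdDateTime", ""))
    rows = [key + (count, last) for key, (count, last) in groups.items()]
    return sorted(rows, key=lambda r: (-r[3], r[0], r[1]))

if __name__ == "__main__":
    for row in summarize(json.loads(SAMPLE_EXPORT)):
        print("{:<22} {:<20} {:<28} {:>3}  {}".format(*row))
```

Records with a non-zero error code or no status at all are dropped, which mirrors setting Result type to Success in the portal.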