Basic authentication is an authentication method in which a client sends a username and password to a system or service to prove who it is. In the context of Microsoft Office 365, basic authentication is an older and less secure authentication method that Microsoft is gradually phasing out (dates have come and gone on this front).
There are still a number of legacy use cases where Basic authentication protocols remain valid.
Consider:
At a minimum, if basic authentication is required, ensure that it is secured via TLS.
Basic Authentication allows preventative controls such as MFA to be bypassed. As such, Secure-ISS recommend that the method be disabled completely.
For those that are required to continue the use of Basic Authentication and are licensed for Conditional access policies, use Conditional Access Policies to secure usage for approved accounts and trusted locations only.
Basic authentication protocols are often targeted in O365 attacks. Secure-ISS monitor for such abuse and will notify customers in the event that such activity is detected. In turn, we also add exceptions to this notification so that our team do not notify on false positives.
If you are using Basic Authentication in O365 for a legitimate purpose, such as SMTP relay, ensure that Secure-ISS are advised of the accounts that are authorised to use the Basic Authentication protocols. Your SOC analyst can assist with this process.
Secure-ISS can also assist clients in identifying accounts that are using Basic Auth within your environment so that these can be moved to a more secure modern authentication protocol.
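The monitoring, exception handling and account-identification steps above, as an added worked example (not Secure-ISS tooling): it triages sign-in records in the shape of Microsoft Graph signIn objects (userPrincipalName, clientAppUsed, ipAddress, status.errorCode), suppresses approved account/protocol pairs from trusted ranges, alerts on everything else that used a Basic-auth protocol, and builds the list of accounts still on Basic auth. The approved pair, trusted network and sample records are constructed.

```python
import ipaddress
import json

# clientAppUsed values that Entra ID groups under "legacy authentication
# clients"; confirm the list against your own tenant's sign-in log.
LEGACY_CLIENT_APPS = {
    "Authenticated SMTP", "Exchange ActiveSync", "IMAP4", "POP3",
    "Exchange Online PowerShell", "Outlook Anywhere (RPC over HTTP)",
    "Other clients",
}
# Exceptions agreed with the SOC (constructed): account/protocol pairs and
# the source ranges from which that use is expected.
APPROVED = {("relay@example.com", "Authenticated SMTP")}
TRUSTED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

def is_trusted(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETWORKS)

def triage(records):
    """Return (alerts, inventory): sign-ins an analyst should look at, and
    every account seen on a Basic-auth protocol (migration candidates)."""
    alerts, inventory = [], {}
    for rec in records:
        app = rec.get("clientAppUsed", "")
        if app not in LEGACY_CLIENT_APPS:
            continue  # modern auth: not in scope for this check
        upn = rec["userPrincipalName"].lower()
        inventory.setdefault(upn, set()).add(app)
        approved = (upn, app) in APPROVED
        if approved and is_trusted(rec["ipAddress"]):
            continue  # expected use: suppressed as a known false positive
        alerts.append({
            "upn": upn, "app": app, "ip": rec["ipAddress"],
            "succeeded": rec.get("status", {}).get("errorCode", 0) == 0,
            "reason": ("approved account from untrusted location" if approved
                       else "Basic auth by unapproved account"),
        })
    return alerts, inventory

# Constructed sign-in records in the shape of Graph signIn objects.
SAMPLE_RECORDS = [json.loads(line) for line in """
{"userPrincipalName": "relay@example.com", "clientAppUsed": "Authenticated SMTP", "ipAddress": "203.0.113.10", "status": {"errorCode": 0}}
{"userPrincipalName": "relay@example.com", "clientAppUsed": "Authenticated SMTP", "ipAddress": "198.51.100.7", "status": {"errorCode": 0}}
{"userPrincipalName": "Jane@example.com", "clientAppUsed": "IMAP4", "ipAddress": "198.51.100.7", "status": {"errorCode": 50126}}
{"userPrincipalName": "jane@example.com", "clientAppUsed": "Browser", "ipAddress": "198.51.100.7", "status": {"errorCode": 0}}
""".strip().splitlines()]
```

Failed sign-ins are kept in the alerts (succeeded is False) because repeated failures against a Basic-auth protocol are themselves worth an analyst's attention.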
Where possible, Secure-ISS recommend that Basic Authentication is disabled within the tenant.
Instructions on completing this task can be found here: https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/disable-basic-authentication-in-exchange-online
Microsoft have also provided guidance around this at:
https://techcommunity.microsoft.com/t5/exchange-team-blog/improving-security-together/ba-p/805892