Use of 2FA is something
everyone should use on all services in 2019. 2FA will stops a lot of the mayor
attack that has happened the last month. Example from Norway is attack on
Visma, Maersk, Hydro. I don’t say that 2FA will solve everything, but helps a
lot with the work. Everyone that has O365 license has free 2FA, admin just need
to enable it.
App Password is default allowed; this give no extra security when users can
create static password for apps like Outlook, OneDrive etc. When App Password
is disabled, you need to activate modern authentication to get apps to work.
Default is modern authentication not enabled in Exchange Online. Modern authentication cannot be enabled in O365 portal, just possible to do with PowerShell. Has created an example how you can do this under:
- Connect to Exchange Online PowerShell.
- Run the following: Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
- Run the following to verify that modern authentication is enabled: Get-OrganizationConfig | Format-Table Name,OAuth* -Auto
Entire code together here:
# Setup PSSession to O365 (Step 1)
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session -DisableNameChecking
# Enable modern authentication (OAuth)(Step 2)
Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
# Verify value for for modern authentication (OAuth)(Step 3)
Get-OrganizationConfig | Format-Table Name,OAuth* -Auto
# Close PSSession
Remove-PSSession $Session