{"id":343,"date":"2020-03-10T20:58:52","date_gmt":"2020-03-10T20:58:52","guid":{"rendered":"http:\/\/certcent.io\/?p=343"},"modified":"2020-03-10T20:58:52","modified_gmt":"2020-03-10T20:58:52","slug":"office-365-security-tips-and-tricks-finding-accounts-with-vulnerable-protocols","status":"publish","type":"post","link":"https:\/\/certcent.io\/index.php\/2020\/03\/10\/office-365-security-tips-and-tricks-finding-accounts-with-vulnerable-protocols\/","title":{"rendered":"Office 365 Security Tips and Tricks: Finding accounts with vulnerable protocols."},"content":{"rendered":"

POP3, IMAP, SMTP, and MAPI are all protocols that are used in password spraying attacks. Disabling basic authentication of these protocols and requiring modern authentication will reduce your risk of password spraying success. Be mindful disabling basic authentication should be done in piecemeal and tested thoroughly to avoid major disruptions.
\nYou will read that creating a AuthenticationPolicy for your users is the most efficient method to deploy, but it may take up to an hour to apply or remove these policies, so be careful and test and test again.
\nA great way to decrease your Office 365’s tenants chance of being hacked is to disable they protocols:<\/p>\n

$Session = New-PSSession -ConnectionUri https:\/\/outlook.office365.com\/powershell-liveid\/  -ConfigurationName Microsoft.Exchange -Credential $credentials -Authentication Basic -AllowRedirection<\/pre>\n
# this will bring in all the commands from your session to your local session, you could also use invoke-command -scriptblock to run inside the psession session, I like the import-session better.\nimport-pssession $session\nget-casmailbox | select-object Identity, PopEnabled,ImapEnabled,MapiEnabled,SmtpAuthenticationEnabled}  | Out-GridView<\/pre>\n
Next would be to create a for loop to disable all these accounts.  I will post this part later.
\nRegarding Basic and Modern authentication policies:
\nHere’s a create Microsoft article for viewing, creating, and assigning new Modern authentication policies:
\nhttps:\/\/docs.microsoft.com\/en-us\/exchange\/clients-and-mobile-in-exchange-online\/disable-basic-authentication-in-exchange-online<\/p>\n
<\/div>\n
<\/p>\n","protected":false},"excerpt":{"rendered":"
POP3, IMAP, SMTP, and MAPI are all protocols that are used in password spraying attacks. Disabling basic authentication of these protocols and requiring modern authentication will reduce your risk of password spraying success. Be mindful disabling basic authentication should be done in piecemeal and tested thoroughly to avoid major disruptions. You will read that creating… Continue reading Office 365 Security Tips and Tricks: Finding accounts with vulnerable protocols.<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/posts\/343"}],"collection":[{"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/comments?post=343"}],"version-history":[{"count":0,"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/posts\/343\/revisions"}],"wp:attachment":[{"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/media?parent=343"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/categories?post=343"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/certcent.io\/index.php\/wp-json\/wp\/v2\/tags?post=343"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}