Basic Authentication Microsoft 365 Apps for Enterprise | Office 365 | Azure AD

In this article, I will explain how to identify users who connect to Microsoft 365 apps with Basic Authentication in your organization. What is Basic Authentication, and why do we need to disable it? More details about Azure AD authentication are explained in the post.

Identify Clients Using Basic Authentication (O365)

Basic Authentication is a simple HTTP login method in which the credentials are the base64 encoding of the ID and password joined by a single colon. The client provides the username and password with every request it makes, which makes it easier for attackers to get the user's credentials. It is also prone to password spray attacks because it uses a simple HTTP login method to get authenticated.
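The encoding described above, as an added example that is not part of the original post: it builds and parses a Basic `Authorization` header value to show that base64 is reversible by anyone who sees the request, and redacts the password before the value is logged. The account name and password are constructed sample values.

```python
import base64
import binascii

def build_basic_header(user_id: str, password: str) -> str:
    """Return the Authorization header value a Basic auth client sends."""
    token = base64.b64encode(f"{user_id}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")

def parse_basic_header(value: str):
    """Recover (user_id, password) from a header value, or None if malformed."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Only the first colon separates the fields; a password may contain colons.
    user_id, sep, password = decoded.partition(":")
    return (user_id, password) if sep else None

def redact_for_logging(value: str) -> str:
    """Keep the user id for troubleshooting, never write the password to logs."""
    parsed = parse_basic_header(value)
    return f"Basic <user={parsed[0]}, password redacted>" if parsed else "<redacted>"

# Constructed sample credentials, not real ones.
SAMPLE = build_basic_header("alice@contoso.example", "Sp:ring2020!")

if __name__ == "__main__":
    print(SAMPLE)                      # what travels with every request
    print(parse_basic_header(SAMPLE))  # what any observer can recover
    print(redact_for_logging(SAMPLE))  # what should reach a log file
```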

This is what the login looks like; very familiar, right?

How do you identify users using Basic Authentication against Microsoft 365 services? It is interesting to check who is connecting to Microsoft 365 resources using basic authentication.

How to Identify Applications Using Basic Authentication with Azure AD Sign-in Logs

Let's use the Azure AD sign-in logs. Yes, you heard it correctly: you can use the Azure AD sign-in report to understand basic auth usage in your tenant. Let me explain this in steps.

Step 1: Sign in to the Azure AD portal. You can use the new portal, https://aad.portal.azure.com. Scroll down and you can see Sign-ins under Monitor.

Step 2: On the Sign-ins page, you can see the Add filters option on the right side of the page > Client app.

Step 3: Once Client app is selected, it will show "None selected". Tap on that to get a drop-down with the list of client apps, segregated into Modern Authentication Clients and Legacy Authentication Clients. Select all the applications under Legacy Authentication Clients.

You can select one of the records to see which client app is being used; in my example, it is MAPI Over HTTP.

You can see all the client apps using basic authentication. Tap on Download so that you have the report handy. Make sure you have selected Client app in the columns so that the app details are displayed in the report.

Download Azure Sign-in Logs to Excel in JSON or CSV Format

To download the sign-ins to JSON or CSV format, click on the Download button at the top of the Sign-ins page. If you filter the sign-ins by certain client apps, your download will be based on the filter selections you’ve made.

We recommend downloading to JSON because this format includes all the sign-in details, including user agent. The CSV format will only show the top-level information in each row of the sign-in logs.
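One way to turn a downloaded JSON report into a per-user inventory of legacy clients (an added example, not part of the original post). It assumes the records carry the Microsoft Graph sign-in property names `userPrincipalName`, `clientAppUsed`, `userAgent` and `status.errorCode`, and it treats every client app other than the two modern values as legacy; the sample records are constructed.

```python
import json
from collections import defaultdict

# Values the portal lists under "Modern Authentication Clients"; every other
# clientAppUsed value is treated as legacy here (assumption for this example).
MODERN_CLIENTS = {"Browser", "Mobile Apps and Desktop clients"}

def load_signins(text):
    """Accept a bare JSON array or a Graph-style {"value": [...]} page."""
    data = json.loads(text)
    return data["value"] if isinstance(data, dict) else data

def legacy_auth_inventory(signins):
    """Group legacy-auth sign-ins by (user, client app)."""
    inventory = defaultdict(lambda: {"count": 0, "failures": 0, "user_agents": set()})
    for record in signins:
        client = record.get("clientAppUsed") or ""
        if not client or client in MODERN_CLIENTS:
            continue  # modern client, or no client app recorded
        user = (record.get("userPrincipalName") or "").lower()
        entry = inventory[(user, client)]
        entry["count"] += 1
        # status.errorCode is 0 for a successful sign-in
        if (record.get("status") or {}).get("errorCode", 0) != 0:
            entry["failures"] += 1
        if record.get("userAgent"):
            entry["user_agents"].add(record["userAgent"])
    return dict(inventory)

# Constructed sample records, not taken from a real tenant.
SAMPLE_EXPORT = json.dumps({"value": [
    {"userPrincipalName": "Alice@contoso.example", "clientAppUsed": "MAPI Over HTTP",
     "userAgent": "Microsoft Office/16.0", "status": {"errorCode": 0}},
    {"userPrincipalName": "alice@contoso.example", "clientAppUsed": "MAPI Over HTTP",
     "userAgent": "Microsoft Office/16.0", "status": {"errorCode": 50126}},
    {"userPrincipalName": "bob@contoso.example", "clientAppUsed": "IMAP4",
     "userAgent": None, "status": {"errorCode": 0}},
    {"userPrincipalName": "carol@contoso.example", "clientAppUsed": "Browser",
     "userAgent": "Mozilla/5.0", "status": {"errorCode": 0}},
]})

if __name__ == "__main__":
    for (user, client), e in sorted(legacy_auth_inventory(load_signins(SAMPLE_EXPORT)).items()):
        print(f"{user:28} {client:16} total={e['count']} failed={e['failures']} "
              f"agents={sorted(e['user_agents'])}")
```

A user with many failed legacy sign-ins and no recognizable user agent is worth reviewing first, since the CSV download would not have shown the user agent at all.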

Using the Microsoft Graph API to get sign-ins

If you need to download more than 250,000 sign-in records, you can do so using the audit logs API in Microsoft Graph. You can use the below queries to collect the logs from Microsoft Graph.

Resources

New Azure Intune Portal App for Windows Devices

I have noticed that there is a new Azure portal application for Windows devices. You can download the app from Microsoft's trusted website. Yes, it's exciting for me that I can use this new Azure Portal application for Intune device management as well.

Download and Install Azure Portal Application

You can download the new Azure portal app from Microsoft's official website: https://ms.portal.azure.com/App/Welcome.

I got this piece of information from the walkingcat tweet. I downloaded AzurePortalInstaller.exe from the Microsoft Azure site mentioned above and double-clicked on it to install it.

I have explained the entire download and installation process of the new Azure Portal App in the above video tutorial.

Details – Azure Intune Portal Application

I initially felt like a new Azure portal application is a PWA application based on chrome or Microsoft Edge Chromium browser. But, I could find any processes running in the background while the new Azure Portal application is running.

Azure Portal Application

Processes – Azure Portal Launcher Application

I have checked the processes running on a Windows 10 1809 machine while the Azure portal application is open. I could find three (3) processes with the same exe, as you can see below.

  • Microsoft Azure Portal Launcher (MicrosoftAzurePortal.exe)
    • Microsoft Azure Portal EXE (MicrosoftAzurePortal.exe)
    • Sign in to Microsoft Azure (MicrosoftAzurePortal.exe)

Folder Location of Azure Portal Application

I found that the portal launcher application created specific folders in my user profile, as I showed in the above video. You can check the Azure Portal application folder details below.

C:\Users\Anoop C Nair\AppData\Local\Microsoft\AzurePortal\Production\MicrosoftAzurePortal.exe

Version – Azure Application Portal Launcher Application

I think you can get the version details from the file called version inside the same folder as mentioned above.

Azure Portal App Launcher == v3.0.10

Known Issues

  • The Azure portal app is challenging to close, and you need to close it from Windows Task Manager.
  • It won't really work offline, unlike other PWA apps 🙂
  • Not sure whether it will work on Windows 7, Windows 8, or previous versions of Windows 10. I tested on a Windows 10 1809 device with Microsoft Edge Chromium, Chrome, etc. installed.