MS.AAD.1.1v1 - Legacy authentication SHALL be blocked.

Information

The security risk of allowing legacy authentication protocols is they do not support MFA. Blocking legacy protocols reduces the impact of user credential theft.

Solution

- [Determine if an agency's existing applications use legacy authentication](https://learn.microsoft.com/en-us/entra/identity/conditional-access/block-legacy-authentication#identify-legacy-authentication-use) before blocking legacy authentication across the entire application base.

- Create a [Conditional Access policy to block legacy authentication](https://learn.microsoft.com/en-us/entra/identity/conditional-access/howto-conditional-access-policy-block-legacy).

See Also

https://github.com/cisagov/ScubaGear/tree/v1.5.0/

Item Details

Category: ACCESS CONTROL, SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

References: 800-53|AC-2, 800-53|AC-3, 800-53|AC-5, 800-53|AC-6, 800-53|AC-7, 800-53|AC-20, 800-53|CA-7, 800-53|CM-2, 800-53|CM-5, 800-53|CM-6, 800-53|IA-2, 800-53|IA-4, 800-53|IA-5, 800-53|IA-11, 800-53|SA-3, 800-53|SA-4, 800-53|SA-8, 800-53|SA-10, 800-53|SA-11, 800-53|SA-15, 800-53|SA-16, 800-53|SA-17, 800-53|SC-28, 800-53|SI-4

Plugin: microsoft_azure

Control ID: b38e467f0bdfc005d5439ea3450470bf468399f5f2f0f2ca630c1b1d682ebdd7