Information
Modern authentication in Microsoft 365 enables authentication features like multifactor authentication (MFA) using smart cards, certificate-based authentication (CBA), and third-party SAML identity providers
Rationale:
Strong authentication controls, such as the use of multifactor authentication, may be circumvented if basic authentication is used by SharePoint applications. Requiring modern authentication for SharePoint applications ensures strong authentication mechanisms are used when establishing sessions between these applications, SharePoint, and connecting users.
Impact:
Implementation of modern authentication for SharePoint will require users to authenticate to SharePoint using modern authentication. This may cause a minor impact to typical user behavior.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
To set SharePoint settings, use the Microsoft 365 Admin Center:
Under Admin centers select SharePoint.
Expand the Policies section then select Access Control.
Select Apps that don't use modern authentication
Select the radio button for Block.
Click OK.
To set Apps that don't use modern authentication is set to Block, use the SharePoint Online PowerShell Module:
Connect to SharePoint Online using Connect-SPOService -Url https://tenant-admin.sharepoint.com replacing tenant with your value.
Run the following Sharepoint Online PowerShell command:
Set-SPOTenant -LegacyAuthProtocolsEnabled $false