Information
SharePoint web applications should be configured to disallow anonymous authentication, which would allow users to authenticate and use the applications without confirming their identity.
Rationale:
Allowing anonymous authentication to SharePoint web applications will nullify the effectiveness of the authentication control. Furthermore, any activity performed in the anonymous session would also not be linkable to a particular account. Such linkages are often critical in post-incident investigations and audits.
Solution
1. Navigate to Central Administration website.
2. Click on Manage web applications.
3. Click the web application name.
4. Click the Authentication Providers button in the Web Applications ribbon.
5. Click each Zone, and uncheck Enable anonymous access.
6. Repeat for each web application.