Microsoft Update - Deprecation of Basic Authentication

  • 26 October 2022

Microsoft has announced that as of October 1, 2022, they have begun the process of removing basic authentication for Outlook, EWS, RPS, POP, IMAP, and EAS protocols in Exchange Online. SMTP Auth will also be disabled if it is not being used. 
For more information on this announcement, see this article.

How does this affect Cymulate users?

Cymulate users who have configured the SMTP connection via Office365 basic authentication will need to reconfigure the SMTP connection. The previous Office365 option, which supported basic authentication, has been removed, and the Office365MFA option, which supports all Office365 accounts, has been renamed Office365.

Reconfiguring the Office365 connection (Service-based agent)

To reconfigure the SMTP connection, follow the instructions below.

  1. Open the CMD and enter:
  2. For Client type, enter 3 to select Office365. If an interactive browser is found on your system, it will automatically open and prompt you to log in to your account. Otherwise, continue with the instructions below.
  3. Copy the displayed code.
  4. In your browser, go to https://microsoft.com/devicelogin.
  5. Enter the code copied from the CMD and click Next.
  6. Sign in with Microsoft credentials and click Next.

    If your organization does not require admin consent OR if you are using admin credentials to sign in, skip to step 21 after completing this step.

  7. If your organization requires admin approval, you will see the following screen. Click Have an admin account? Sign in with that account. (This is necessary even if you don’t have an admin account.)
  8. Enter a justification for the approval request. For example, ‘Need approval to connect to the Cymulate agent’.
  9. Click Request approval.
  10. The admin needs to visit the Azure portal and go to Enterprise applications > Admin consent requests.
  11. The admin should click on the Cymulate Agent request. 
  12. The admin should click Review permissions and consent.
  13. To approve, the admin should click Accept.

    The Cymulate agent will only receive access to the designated mailbox that was provided during the email connection setup. The agent will not attempt to access any other mailboxes and will not have the permissions to do so. 

    Once this initial approval has been granted by the admin, other users in the organization will be able to connect their own accounts to the Cymulate agent for the purpose of conducting Email Gateway assessments without needing to repeat this admin approval process.

  14. Within 5 minutes of the admin approval (admin clicking Accept in the previous step), you will need to repeat the email connection setup.
  15. Go back to the CMD and enter:
    cymulate smtp set
  16. For Client type, enter 3 to select Office365. 
  17. Copy the displayed code.
  18. In your browser, go to https://microsoft.com/devicelogin.
  19. Enter the code copied from the CMD and click Next.
  20. Sign in with Microsoft credentials.
  21. Click Accept to accept the requested permissions. 
  22. The agent should be successfully connected.  

If the Cymulate agent has been allowed access via the Microsoft device login consent process, but you are still having issues connecting, it may be due to the use of Azure AD's Tenant Restrictions feature. For more information on solving this connection issue, see this article.

The permission scopes requested by the Cymulate agent are:

  • offline_access
  • Email
  • User.read
  • Mail.read
  • Mail.send
  • Mail.readwrite
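
After consent has been granted, an administrator can check that the delegated grants recorded for the agent match the scope list above. The following is an added example, not Cymulate's or Microsoft's code: the grant records are constructed sample data in the shape of Microsoft Graph oauth2PermissionGrant objects, every id is a placeholder, the function name audit_grants is hypothetical, and comparing scope names case-insensitively is an assumption.

```python
import json

# Scopes this page lists for the Cymulate agent, compared case-insensitively
# (assumption: the tenant may record them with different casing).
DOCUMENTED_SCOPES = {"offline_access", "email", "user.read",
                     "mail.read", "mail.send", "mail.readwrite"}

# Constructed sample shaped like Microsoft Graph oauth2PermissionGrant objects
# (GET /v1.0/oauth2PermissionGrants); every id below is a placeholder.
SAMPLE_GRANTS = json.loads("""
{"value": [
  {"id": "grant-1", "clientId": "sp-cymulate-agent-placeholder",
   "consentType": "AllPrincipals", "principalId": null,
   "resourceId": "sp-graph-placeholder",
   "scope": "offline_access email User.Read Mail.Read Mail.Send Mail.ReadWrite"},
  {"id": "grant-2", "clientId": "sp-cymulate-agent-placeholder",
   "consentType": "Principal", "principalId": "user-placeholder",
   "resourceId": "sp-graph-placeholder",
   "scope": "User.Read Mail.ReadWrite Files.Read.All"},
  {"id": "grant-3", "clientId": "sp-other-app-placeholder",
   "consentType": "Principal", "principalId": "user-placeholder",
   "resourceId": "sp-graph-placeholder", "scope": "User.Read"}
]}
""")


def audit_grants(grants, client_id, documented=DOCUMENTED_SCOPES):
    """Return one finding per delegated grant held by client_id."""
    findings = []
    for grant in grants.get("value", []):
        if grant.get("clientId") != client_id:
            continue  # grant belongs to a different application
        granted = (grant.get("scope") or "").split()
        lowered = {s.lower() for s in granted}
        findings.append({
            "grant_id": grant.get("id"),
            # AllPrincipals means an admin consented for the whole tenant
            "tenant_wide": grant.get("consentType") == "AllPrincipals",
            "principal": grant.get("principalId"),
            "unexpected": sorted(s for s in granted if s.lower() not in documented),
            "not_granted": sorted(documented - lowered),
        })
    return findings


if __name__ == "__main__":
    for finding in audit_grants(SAMPLE_GRANTS, "sp-cymulate-agent-placeholder"):
        print(finding)
```

A non-empty "unexpected" list means the grant carries a scope beyond the six listed on this page and is worth reviewing before it is left in place.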

For more information on configuring email settings in non-service-based agents, see: 

​​​​​

 

