Authentication Policies
This section describes the design decisions associated with Authentication Policies for system(s) built using ASD's Blueprint for Secure Cloud.
Authentication policies control which authentication methods can be used to access Exchange mailboxes. Authentication policies can be leveraged to protect the organisation from brute force and spray attacks by blocking Basic Authentication. Basic Authentication is where a username and a password are used for client access requests.
Blocking Basic Authentication forces clients to use Modern Authentication. This can cause issues when clients within the environment do not support Modern Authentication. If this occurs, it is recommended to investigate whether the client can be upgraded to support Modern Authentication. If it can, then it is recommended that the client be upgraded. If it cannot, then a separate authentication policy can be leveraged, enabling Basic Authentication for that client only.
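The approach described above, sketched with the Exchange Online PowerShell authentication policy cmdlets. This is an added example, not configuration taken from the Blueprint; it assumes an existing Exchange Online PowerShell session, and the policy names, the account and the choice of IMAP as the legacy protocol are placeholders.

```powershell
# Added example. Assumes a connected Exchange Online PowerShell session.
# The names below are hypothetical placeholders, not Blueprint values.
$blockPolicy     = 'Block Basic Auth'
$exceptionPolicy = 'Allow Basic Auth - Legacy IMAP'
$legacyAccount   = 'legacy-client@example.com'

$existing = @(Get-AuthenticationPolicy | Select-Object -ExpandProperty Name)

# A new authentication policy blocks Basic Authentication for every
# protocol unless an -AllowBasicAuth* switch is supplied.
if ($existing -notcontains $blockPolicy) {
    New-AuthenticationPolicy -Name $blockPolicy | Out-Null
}

# Exception policy: Basic Authentication stays blocked for all protocols
# except the single one the legacy client needs (IMAP is an assumption).
if ($existing -notcontains $exceptionPolicy) {
    New-AuthenticationPolicy -Name $exceptionPolicy -AllowBasicAuthImap | Out-Null
}

# Make the blocking policy the organisation-wide default, so any account
# without an explicit assignment cannot use Basic Authentication.
Set-OrganizationConfig -DefaultAuthenticationPolicy $blockPolicy

# Scope the exception to the one account used by the legacy client.
Set-User -Identity $legacyAccount -AuthenticationPolicy $exceptionPolicy

# Review: confirm the default, list what each policy allows, and list every
# account with an explicit policy so exceptions stay visible and few.
Get-OrganizationConfig | Format-List DefaultAuthenticationPolicy
Get-AuthenticationPolicy | Format-Table Name, AllowBasicAuth*
Get-User -ResultSize Unlimited |
    Where-Object { $_.AuthenticationPolicy } |
    Select-Object UserPrincipalName, AuthenticationPolicy
```

The final query is worth re-running periodically: any account that appears with the exception policy is still exposed to password guessing over that protocol and is a candidate for a client upgrade.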
Design Decisions
Decision Point | Design Decision | Justification |
---|---|---|
Basic Authentication | Disabled | Basic Authentication has known exploits; Modern Authentication is preferred. |
Authentication Policy Configuration | Configured | An Authentication Policy will be deployed in line with the organisation’s security requirements. |