Byte-Sized Video: Minimize the Impact of Basic Auth
October 15, 2020 at 01:30 pm EDT
Share
It's a pretty common situation: organizations spend their resources on maintaining legacy software and legacy protocols. Today, this is often supported by hybrid domain joined devices and Microsoft Azure AD. But did you know that this can actually lead to a lax security posture?
In this type of setup, any time your users log in to a Windows 10 device, it will request and receive a primary refresh token (PRT) without any prompt for multi-factor authentication (MFA). This is because Azure AD uses basic rather than modern authentication so as to support legacy protocols. This also applies to older protocols such as WS Trust. This means that traffic destined for your domain requires only a username and password to obtain access-and with the high volume of data breaches that occur today, that's just not enough.
Fortunately, Okta understands this need. With our Custom User Agent String available in the O365 application, you can create specific, selective policies for different types of user agents from your various devices and applications. This way, if you have Windows 10 machines connected in a hybrid domain joined architecture, or your company is still dependent on WS Trust for a few trusted user agents, you can still allow basic authentications for them. And that's without compromising the security of everything else. Check out the byte-sized video below to see it in action:
Since the default policy for the Okta Microsoft Office 365 app is to block basic authentications-and this affects all Azure AD authentications-adding a selective solution like Custom User Agent String is the the best way to make sure your favorite tools, such as Autopilot, Conditional Access, and Windows Hello for Business, are both secure and accessible. This can be accomplished without blocking logins from your legacy Windows machines and protocols. To learn more about securing your O365 environment, check out our Securing Office 365 with Okta whitepaper. Or if you'd like to learn more about the Hybrid Domain Joined environment and Okta, just click here. You can also talk to our team to learn even more about how Okta is the ideal IdP to support your Microsoft architecture.
Attachments
Original document
Permalink
Disclaimer
Okta Inc. published this content on 15 October 2020 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 15 October 2020 17:29:05 UTC
Okta, Inc. is an independent identity provider company. The Company's Okta Identity Platform is an independent and neutral cloud-based identity solution that allows its customers to integrate with nearly any application, service or cloud that they choose through its secure platform and cloud infrastructure. Its Workforce Identity Cloud is used as the central system for an organizationâs connectivity, access, authentication and identity lifecycle management needs spanning all of its users, technology and applications. Its Workforce Identity products include Universal Directory, Single Sign-On, Adaptive Multi-Factor Authentication, Lifecycle Management, API Access Management, Access Gateway, Advanced Server Access and Okta Identity Governance. The Companyâs Customer Identity products include Universal Login, Attack Protection, Adaptive Multi-Factor Authentication, Passwordless, Machine to Machine, Private Cloud, Organizations, Actions and Extensibility, and Enterprise Connections.
OKTA, INC. 
