Out of office error validating user agent execution access

10-Dec-2019 19:19

Not all access protocols used by Office 365 mail clients support Modern Authentication.Protocols like POP and IMAP only support basic authentication and hence cannot enforce MFA in their authentication flow. Regardless of the access protocol, email clients supporting Basic Authentication can sign-in and access Office 365 with only username and password despite the fact that federation enforces MFA. Modern authentication protocols like Exchange Active Sync, EWS and MAPI can also be used with basic authentication.Okta supports a security feature through which a user is notified via email of any sign-on that is detected for their Okta user account from a new device or a browser.The email provides information about the timestamp, location, and device information, such as IP Address and user agent (OS version/browser).It has proven ineffective and is not recommended for the modern IT environments especially when authentication flows are exposed to the internet as is the case for Office 365. Modern Authentication To address the common security concerns and end-user experience requirements associated with Office 365 deployments, Microsoft introduced the Active Directory Authentication Library (ADAL) for Office 365 client applications, referred to as Modern Authentication.

Doing so for every Office 365 login may not always be possible because of the following limitations: A.The most commonly targeted application for these attacks is Office 365, a cloud business productivity service developed by Microsoft.Okta’s customers commonly use a combination of single sign-on (SSO), automated provisioning, and multi-factor authentication (MFA) to protect their Office 365 tenants against the aforementioned attacks.Table 1 summarizes the list of Office 365 access protocols and the authentication methods they support.

Note that ‘Power Shell’ is not an actual protocol used by email clients but required to interact with Exchange.

In the context of authentication, these protocols fall into two categories: Access Protocols A.