Update O365 Plug-in to work with Modern Authentication

We have disabled basic authentication on our O365 tenant are therefore unable to make this plug-in work. Is there development in the works to update the authentication query syntax to the modern authentication format? I suspect more customers will be requesting this feature, as basic auth is deprecated and going away. We really need the ability to automate phishing email search and purge.

1 Like

Which plugin? We have a bunch of O365 ones. In most, we’re using the OAuth flow, which is the recommended mechanism from MS.

microsoft_office365_email, microsoft_office365_email_security

Ahhh…yea, so with the way the O365 email plugin works (and email security sort of), we have to tie our API calls to an account. This allows the ability to send/receive email, and some auditability.

I’m making an assumption that your org turned on 2FA which will break that connection if used with a regular user account.

To make this work, what we recommend, is to create a specific automation account that bypasses the 2FA requirement. You can secure this account by only allowing it to log in from the IP address of the orchestrator.

This will allow for automation, but keep a high level of security in place.

EDIT: O365 Security uses basically the same authentication mechanism, it just does it in a manual way as opposed to O365 email where we take advantage of some MS Graph API magic.

The problem is that we have basic authentication disabled at the tenant level, so I’m not sure how we follow your suggestion without re-enabling it on the tenant. We have a conditional access policy that we could bypass with the account we plan to use for this connection, so theoretically wouldn’t that satisfy the authentication requirement?

We have a conditional access policy that we could bypass with the account we plan to use for this connection, so theoretically wouldn’t that satisfy the authentication requirement?

That should work. You can bypass 2FA specifically. We’ve had to do that before in very strict environments. As long as you can log in without 2FA, these plugins should work.

In order to make it work though the authentication query made by the plug-in needs to be modified on to reflect the modern authentication syntax. Is this something the dev team can change?

That applies to just the O365 Security Plugin where we are doing PowerShell in the background. Let us look into that more and see what we can do. It’s not a trivial fix, so it might take some time.

We greatly appreciate that!