Attackers will go after weaker credentials and passwords to gain network access. Small businesses often set up shared mailboxes that are used for various functions. If one set of credentials for a shared mailbox is compromised, it could have a wide impact on the company.
If you’ve enabled multi-factor authentication (MFA), you might think that you’ve done enough to ensure you are protected. Unless you disable legacy authentication in your Office 365 implementation, however, you are still at risk. Basic authentication is enabled by default in all Office 365 implementations unless you disable it.
First, how do you know if your Office 365 still supports basic authentication? Open Microsoft Outlook and look at the authentication window that pops up to ask you for a password. If it looks like the traditional authentication window you’ve seen for years, basic authentication is still enabled.
(Note: All screenshots were taken in June 2019. Given that Office 365 and Azure are fluid platforms, they might look different when you view them later.)