Ensure modern authentication for Exchange Online is enabled
Why This Matters
If modern authentication is disabled for Exchange Online, users with Outlook 2013 and 2016 will fall back to basic authentication for email access. This bypasses critical security controls like multifactor authentication (MFA), certificate-based authentication, and third-party SAML identity providers. Enabling modern authentication ensures all email client sessions use strong authentication mechanisms, reducing the risk of credential theft and unauthorized access.
What Aether365 Checks
Aether365 verifies that the Exchange Online organization configuration has OAuth2ClientProfileEnabled set to True, which enables modern authentication for supported email clients. This check appears in the Aether365 dashboard under Microsoft 365 security checks, specifically within the CIS framework compliance section.
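The same setting can be inspected by hand from Exchange Online PowerShell. The function below is an added example, not Aether365's own code; it assumes the ExchangeOnlineManagement module is installed and `Connect-ExchangeOnline` has already been run, and the function name `Test-EXOModernAuth` and its `-Remediate` switch are hypothetical names chosen for illustration.

```powershell
# Added example: assumes an existing Exchange Online PowerShell session
# (Connect-ExchangeOnline from the ExchangeOnlineManagement module).
function Test-EXOModernAuth {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Hypothetical switch: enable the setting when it is found disabled.
        [switch]$Remediate
    )

    # Read the organization-wide configuration that holds the setting.
    $org     = Get-OrganizationConfig -ErrorAction Stop
    $enabled = [bool]$org.OAuth2ClientProfileEnabled

    if (-not $enabled -and $Remediate) {
        # ShouldProcess makes -WhatIf and -Confirm work for the change.
        if ($PSCmdlet.ShouldProcess($org.Name, 'Set OAuth2ClientProfileEnabled to $true')) {
            Set-OrganizationConfig -OAuth2ClientProfileEnabled $true -ErrorAction Stop
            # Re-read so the reported value reflects the tenant, not our intent.
            $enabled = [bool](Get-OrganizationConfig).OAuth2ClientProfileEnabled
        }
    }

    # Emit an object so the result can be exported or compared across tenants.
    [pscustomobject]@{
        Organization               = $org.Name
        OAuth2ClientProfileEnabled = $enabled
        Result                     = if ($enabled) { 'Pass' } else { 'Fail' }
    }
}

Test-EXOModernAuth
# Test-EXOModernAuth -Remediate -WhatIf   # preview the change without applying it
```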