Ensure modern authentication for SharePoint applications is required

Why This Matters

Legacy basic authentication for SharePoint applications bypasses critical security controls like multifactor authentication (MFA), certificate-based authentication (CBA), and third-party SAML identity providers. Without modern authentication, an attacker who compromises user credentials can access SharePoint resources directly, even if you have strong authentication policies elsewhere in your tenant. Requiring modern authentication ensures that all SharePoint sessions, whether from users or applications, pass through the same secure authentication pipeline.

What Aether365 Checks

Aether365 verifies that the SharePoint admin center setting "Apps that don't use modern authentication" is configured to Block access. This check appears in your Aether365 dashboard under Microsoft 365 security checks.