MT.1044 - Ensure modern authentication for Exchange Online is enabled
Overviewβ
Modern authentication for Exchange Online MUST be enabled
Rationale: Modern authentication enables enhanced security features like multifactor authentication (MFA), certificate-based authentication (CBA), and third-party SAML identity providers. Without modern authentication, users are more vulnerable to password-based attacks.
Remediation action:β
- Connect to Exchange Online:
Connect-ExchangeOnline
- Enable modern authentication:
Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
- Verify the setting:
(Get-OrganizationConfig).OAuth2ClientProfileEnabled
The result should be True.
Related linksβ
- Enable or disable modern authentication in Exchange Online
- Modern authentication overview
- Microsoft Secure Score - Enable modern authentication
Test Metadataβ
| Field | Value |
|---|---|
| Test ID | MT.1044 |
| Severity | High |
| Suite | Maester |
| Category | Exchange |
| PowerShell test | Test-MtExoModernAuth |
| Tags | Exchange, Maester, MT.1044 |
Sourceβ
- Pester test:
tests/Maester/Exchange/Test-ExchangeSetting.Tests.ps1 - PowerShell source:
powershell/public/maester/exchange/Test-MtExoModernAuth.ps1