This check verifies that the Microsoft 365 SharePoint tenant requires modern authentication for applications and blocks access from apps that use legacy protocols.
It determines whether legacy authentication is disabled, so that only OAuth-based sign-ins, which support controls such as MFA and Conditional Access, are allowed.
Risk
Without modern authentication, SharePoint is exposed to:
- Password spraying and credential stuffing (no MFA)
- Session/token capture and replay from basic auth
- Unauthorized access leading to data exfiltration and tampering
This undermines data confidentiality and integrity and can enable lateral movement from a compromised account.
Check
prowler m365 --checks sharepoint_modern_authentication_required
Recommendation
Enforce modern authentication tenant-wide and disable legacy protocols. Require MFA and apply Conditional Access to all SharePoint apps. Migrate or block legacy clients, apply least privilege to app permissions, and monitor sign-in logs to identify and eliminate any remaining legacy authentication usage.
Remediation
Using the SharePoint Online Management Shell:
Set-SPOTenant -LegacyAuthProtocolsEnabled $false
Or in the SharePoint admin center:
- Open the SharePoint admin center (admin.microsoft.com/sharepoint)
- Go to Policies > Access control > Apps that don't use modern authentication
- Select Block access and click Save
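The audit and remediation above as one added PowerShell script (not part of this page or Prowler's own code); it assumes the SharePoint Online Management Shell module is installed, the caller holds the SharePoint Administrator role, and the tenant name is passed via the hypothetical -TenantName parameter.

```powershell
# Added example: audit the tenant setting this check evaluates and,
# with -Remediate, apply the same fix as Set-SPOTenant above.
# -TenantName is a placeholder, e.g. "contoso" for contoso-admin.sharepoint.com.
param(
    [Parameter(Mandatory)] [string] $TenantName,
    [switch] $Remediate
)

# Requires the SharePoint Online Management Shell module (assumption).
Import-Module Microsoft.Online.SharePoint.PowerShell -ErrorAction Stop
Connect-SPOService -Url "https://$TenantName-admin.sharepoint.com"

$tenant = Get-SPOTenant

# LegacyAuthProtocolsEnabled = $true means clients that cannot use modern
# (OAuth) authentication may still sign in; the check expects $false.
if ($tenant.LegacyAuthProtocolsEnabled) {
    Write-Warning "FAIL: legacy authentication protocols are enabled for tenant '$TenantName'."

    if ($Remediate) {
        Set-SPOTenant -LegacyAuthProtocolsEnabled $false

        # Re-read the tenant so the script reports the applied state,
        # not just that the cmdlet returned.
        $after = Get-SPOTenant
        if (-not $after.LegacyAuthProtocolsEnabled) {
            Write-Output "PASS (remediated): legacy authentication protocols are now disabled."
        } else {
            Write-Error "Remediation did not take effect; verify admin rights and retry."
        }
    }
} else {
    Write-Output "PASS: legacy authentication protocols are disabled for tenant '$TenantName'."
}
```

Run it without -Remediate first to confirm the finding; blocking legacy protocols will cut off any remaining clients that cannot use modern authentication, so inventory those before applying the fix.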
Resource Type: NotDefined