Hi All,
I ran the sign-in logs report (checking the legacy authentication clients as recommended) in Azure AD to get my bearings and we have hundreds of requests from SMTP.
This is all great, but I can't find a source that actually gives an example of what to look for in those logs.
Request ID: cb040b3b-7dd9-465d-a697-0bc27bbf1200
Correlation ID: f6387b7a-672d-475b-8105-e6906379baba
Authentication requirement: Single-factor authentication
Status: Success
Continuous access evaluation: No
User: User11
Username: us...@domain.com
User ID: f471d3de-87cd-4f75-a432-e15d8c7828e8
Sign-in identifier: us...@domain.com
User type: Member
Cross tenant access type: None
Application: Office 365 Exchange Online
Application ID: 00000002-0000-0ff1-ce00-000000000000
Resource: Office 365 Exchange Online
Resource ID: 00000002-0000-0ff1-ce00-000000000000
Resource tenant ID: ec28f819-3ec5-428a-b870-c4fcf32da73a
Home tenant ID: ec28f819-3ec5-428a-b870-c4fcf32da73a
Home tenant name:
Client app: Authenticated SMTP
Client credential type: Client assertion
Service principal ID:
Service principal name:
Resource service principal ID: eb35ffe4-32d9-4ce7-95e1-23f907fb42db
Unique token identifier: Y2IwNDBiM2ItN2RkOS00NjVkLWE2OTctMGJjMjdiYmYxMjAw
Token issuer type: Azure AD
Token issuer name:
Incoming token type: None
Authentication Protocol: ROPC
Latency: 229ms
Flagged for review: No
User agent: BAV2ROPC
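
One way to triage an export of records like the one above, as an added example that is not part of the original post: it groups legacy-authentication sign-ins per user and client app, separating accounts that still sign in successfully over a legacy protocol from accounts that only show failed attempts. It assumes each record is a dict keyed by the field labels shown in the post; the client app values other than "Authenticated SMTP" are assumed, and the sample records are constructed.

```python
from collections import defaultdict

# "Authenticated SMTP" is the value in the record above; the other client app
# values are assumptions about what the legacy authentication filter covers.
LEGACY_CLIENT_APPS = {"Authenticated SMTP", "IMAP4", "POP3",
                      "Exchange ActiveSync", "Other clients"}

def triage(records):
    """Count legacy-auth sign-ins per (username, client app)."""
    summary = defaultdict(lambda: {"success": 0, "other": 0,
                                   "single_factor_success": 0,
                                   "user_agents": set()})
    for rec in records:
        if rec.get("Client app") not in LEGACY_CLIENT_APPS:
            continue  # modern authentication, out of scope for this report
        entry = summary[(rec["Username"], rec["Client app"])]
        entry["user_agents"].add(rec.get("User agent", ""))
        if rec.get("Status") == "Success":
            entry["success"] += 1
            if rec.get("Authentication requirement") == "Single-factor authentication":
                entry["single_factor_success"] += 1
        else:
            entry["other"] += 1  # Failure or Interrupted
    return dict(summary)

def accounts_in_use(summary):
    """Users with at least one successful legacy sign-in: review before blocking."""
    return sorted({user for (user, _app), e in summary.items() if e["success"]})

def failures_only(summary):
    """Users whose legacy sign-ins never succeeded."""
    return sorted({user for (user, _app), e in summary.items() if not e["success"]})

def make_record(user, app, status, requirement="Single-factor authentication",
                user_agent="BAV2ROPC"):
    return {"Username": user, "Client app": app, "Status": status,
            "Authentication requirement": requirement, "User agent": user_agent}

# Constructed sample records, not taken from a real tenant.
SAMPLE = [
    make_record("alice@example.com", "Authenticated SMTP", "Success"),
    make_record("alice@example.com", "Authenticated SMTP", "Success"),
    make_record("bob@example.com", "Authenticated SMTP", "Failure"),
    make_record("bob@example.com", "Authenticated SMTP", "Failure"),
    make_record("carol@example.com", "Browser", "Success",
                "Multifactor authentication", "Mozilla/5.0"),
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    print("in use:", accounts_in_use(result))
    print("failures only:", failures_only(result))
```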