Earlier, I've had an experience with an organization, which originally managed their own Linux / Apache webservers, which had their own Basic Auth authentication.
Later, this organization moved to paying for Microsoft services - and one thing I noticed at this point, was that it became possible to use the Microsoft-managed e-mail accounts (username and passwords) to authenticate to the Apache webservers. All it took was some setup in .htaccess files - which I have unfortunately lost; all I remember is, that after this setup, I could have used the require user username stanza in .htaccess, and the allowed users could have just logged in using their e-mail credentials.
Now I work with another organization, which also recently moved their entire e-mail management to Microsoft, so I guess, it is Office 365. They also have a Linux Apache server, which uses Basic Auth from a .htpasswd file. So, I would like to try, and move the Basic Auth of this Linux Apache server, to authentication from Office 365, such that the allowed users will be able to use their e-mail credentials to log into the Linux Apache server.
So, first question is - is this possible? (I mean sure it is in principle, as I've seen it being done some time ago - but is it possible with Microsoft online products in 2024?)
One problem I can see is:
So, no more Basic Auth from Microsoft.
The next question is - if possible, how exactly do I do this? I don't really know the names of Microsoft products (and it's of course useless to learn them, they'll change/break anything as they please, they don't care as long as they can squeeze money out of you, just as Google or any of those parasites), so what do I look for?
For instance, if an organization has their e-mails managed by Microsoft (Office 365), does the organization have automatic access to Active Directory/LDAP server for authentication - or do they have to pay extra? Or is there no Active Directory/LDAP anymore, and now it's called something else?
I've found these resources:
- https://maarten.mulders.it/2019/03/securing-apache-httpd-with-microsoft-active-directory/ - cool, but do organizations that have their e-mail managed by Microsoft Office 365 (?) have automatic access to LDAP?
- http://dbaharrison.blogspot.com/2018/08/modern-apache-authentication-with-azure.html - this shows the complications of Azure AD authentication of Apache server, but I still cannot tell: do organizations that have their e-mail managed by Microsoft Office 365 (?) have access to Azure AD (?) ? Does Azure AD actually contain the Microsoft-managed e-mail accounts and authentication, or is it a standalone instance?
So, how is this setup (of Apache webserver secured areas, being authenticated by Microsoft-managed email credentials, via .htaccess) supposed to be done? What would be the recommended reading, so I learn more about these possibilities, and possibly get a concrete example of this kind of setup?