Hi @Chris4,
The current recommended way of doing this is to rely on reverse proxy in front of Kibana to supply Authorization: Basic *** header, like explained here for NGINX. I don't have examples with IIS, but the idea is the same: attribute every request to Kibana with Authorization: Basic *** HTTP header.
Best,
Oleg