Chapter 37. How to Deal with Unauthenticated Clients

If you're writing a server application and you wish all of your clients to be authenticated, you should read Items 35 and 36 to learn how to limit access to anonymous clients. One important approach is to avoid ever granting access to Everyone, preferring Authenticated Users when you want to grant a permission to all your clients.
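As an added illustration of the Everyone versus Authenticated Users advice above (this is not code from the book), the following C# sketch rewrites a security descriptor so that each allow entry for Everyone is granted to Authenticated Users instead. The class name `DaclTightener`, the method `ReplaceEveryone` and the sample SDDL string are hypothetical and constructed for this example; it assumes Windows, where `System.Security.AccessControl` is supported.

```csharp
using System;
using System.Security.AccessControl;
using System.Security.Principal;

static class DaclTightener // hypothetical helper, not from the book
{
    static readonly SecurityIdentifier Everyone =
        new SecurityIdentifier(WellKnownSidType.WorldSid, null);
    static readonly SecurityIdentifier AuthenticatedUsers =
        new SecurityIdentifier(WellKnownSidType.AuthenticatedUserSid, null);

    // Returns the DACL in SDDL form with every allow ACE for Everyone
    // re-pointed at Authenticated Users. Access mask and inheritance
    // flags of each ACE are preserved.
    public static string ReplaceEveryone(string sddl, out int replaced)
    {
        replaced = 0;
        var sd = new RawSecurityDescriptor(sddl);
        RawAcl dacl = sd.DiscretionaryAcl;
        if (dacl == null)
            throw new ArgumentException("Descriptor has no DACL to inspect.");

        for (int i = 0; i < dacl.Count; i++)
        {
            // Only allow ACEs are rewritten. A deny ACE for Everyone is left
            // alone, because narrowing its trustee would loosen the deny.
            var ace = dacl[i] as CommonAce;
            if (ace == null || ace.AceQualifier != AceQualifier.AccessAllowed)
                continue;
            if (!ace.SecurityIdentifier.Equals(Everyone))
                continue;

            ace.SecurityIdentifier = AuthenticatedUsers;
            replaced++;
        }
        return sd.GetSddlForm(AccessControlSections.Access);
    }

    static void Main()
    {
        // Constructed sample: Administrators get full control,
        // Everyone gets inheritable read access.
        string before = "D:(A;;FA;;;BA)(A;OICI;FR;;;WD)";
        int count;
        string after = ReplaceEveryone(before, out count);
        Console.WriteLine("{0} ACE(s) rewritten: {1} -> {2}", count, before, after);
    }
}
```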

If you want to provide service to unauthenticated users, and you won't be bothering to authenticate any of your clients, then you won't be performing any authorization (since you don't know the identity of any of your clients) and therefore this item doesn't apply to you.

But if you want to service both authenticated and unauthenticated requests, then, if you're going ...

Get The .NET Developer's Guide to Windows Security now with the O’Reilly learning platform.