Starting October 1st, Microsoft will start to randomly select tenants and disable Basic authentication for Exchange Online.
Basic authentication has been used by client applications for many years to connect to servers, services, and endpoints. Basic authentication sends a username and a password with every request and does not require TLS. This can leave user credentials vulnerable to interception by attackers. Furthermore, the enforcement of multifactor authentication (MFA) is not simple or in some cases, possible when Basic authentication remains enabled. Basic authentication is an outdated industry standard and there are more effective user authentication alternatives including security strategies such as Zero Trust (Never Trust, Always Verify).
Microsoft is making this change to switch customers to Modern authentication. Modern authentication is an umbrella term for a combination of authentication and authorization methods between a client and a server. It enables authentication features like multi-factor authentication (MFA), smart cards, certificate-based authentication (CBA), and third-party Security Assertion Markup Language (SAML) identity providers.
Disabling Basic Authentication will impact:
- MAPI, RPC
- Offline Address Book (OAB)
- Exchange Web Services (EWS)
- POP
- IMAP
- Exchange ActiveSync (EAS)
- Remote PowerShell
**Microsoft will NOT be disabling or changing any settings for SMTP AUTH.**
If you have removed your dependency on basic authentication, this will not affect your tenant or users.
Additional Resources:
• Office 365 Reports: It’s Time to Disable Basic Authentication in Office 365
• Microsoft: Basic Authentication Deprecation in Exchange Online – September 2022 Update
• Microsoft Ignite: Disable Basic authentication in Exchange Online
Morefield is here to help you make smart technology decisions and we encourage you to contact us if you have any questions or concerns.
For additional information on our Managed Service Agreements and proactive IT support, please give us a call at 717-761-6170 or email us.