Deadline for Basic Authentication in Exchange: October 1st

by HubSite 365 about Microsoft

Software Development Redmond, Washington

Pro UserExchange OnlineSecurityM365 Hot News

Stay protected with Microsoft: Basic Authentication retirement for Exchange Online due by Oct 1st, 2022.

The Transition from Basic Authentication to Modern Authentication in Exchange Online

The transition from Basic Authentication to Modern Authentication for Exchange Online is underway and as set out by Microsoft, October 1st marks a significant milestone in this process. In this video, Microsoft inform audiences on the imminent termination of Basic Authentication in Exchange online for a number of protocols. This move is set to drastically amplify security, since Basic Authentication has been identified as a primary source of compromised customer accounts.

Microsoft reports that many customers remain vulnerable as their tenants still have Basic Authentication enabled. The tech giant has disabled Basic Auth in several tenant accounts that were not utilising it, to fortify those accounts from possible attacks. They are also disabling protocols that remain unused within tenants that still employ Basic Authentication.

This change has been communicated extensively, with customers and partners making commendable progress in transitioning from Basic to Modern Authentication. Now, beginning October 1, Microsoft will start disabling Basic Authentication in stages. The full cessation is expected to be achieved before the end of the year. Hence, users should be prepared by October.

The protocols that will be impacted by this move are MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), POP, IMAP, Exchange ActiveSync (EAS), and Remote PowerShell. However, SMTP AUTH will not be affected.
After October, no requests for exceptions will be entertained. Tenant selection for this change is random and cannot be influenced for any specific date or requests for more time.
Users should be aware that any client application using Basic Authentication for any of the impacted protocols will fail to connect and will give an HTTP 401 error: bad username or password.
Users should also update any apps that are using Basic Authentication with the EWS protocol, since EWS supports app-only access. Any such changes should be carried out before October 1 to avoid any service interruption.

Azure AD sign-in events can be monitored to track users who are still using Basic Authentication. Microsoft has been projecting Basic Authentication usage since October 2021 through monthly Message Center posts to tenants. To review this information, administrators can go to the Azure portal to check the usage details, which are only available inside their tenant for privacy reasons.

After users have transitioned to Modern Authentication, the Microsoft recommended way to disable Basic Auth is to use Authentication Policies to block Basic Auth. Users should avoid using Set-CASMailbox or Conditional Access, as those are both post-authentication. If users are still needing help in this transition, they can enlist the help of partners, MVPs, community, or Microsoft support engineers.

Implications and Measures

While Microsoft takes an upper hand in progressing towards a more secure exchange of information, it's crucial for customers to stay vigilant and informed. Comprehending the broad scope of Basic Authentication's vulnerability and the different Marshall protocols affected by the change, organizations need to respond proactively to mitigate losses.

The accessibility of tools and guides like Azure AD sign-in events and Authentication Policies, allows for seamless transitions and adaptations. Thus, Microsoft's assertive stand on information security is shaping a safer and seamless future for its users. Nonetheless, readiness from the user's side is the key to successful navigation through this significant technological revolution in cloud security.

Read the full article End of Basic Authentication for Exchange on October 1st

Exchange Online - Deadline for Basic Authentication in Exchange: October 1st

Learn about End of Basic Authentication for Exchange on October 1st

Microsoft has announced the end of Basic Authentication for Exchange, marking a shift in protocol use. But, what does this mean for users and how can individuals better equip themselves for this change? Here's an elaborate exploration of the topic, highlighting what to expect and how to prepare for the impending shift.

The retirement of Basic Authentication commences on 1st October. Beyond this date, Microsoft will progressively disable Basic Auth for protocols in Exchange Online. Essentially, clients and applications that still rely on Basic Authentication will need to transition to Modern Authentication.

Understanding the Change

Basic Authentication, despite being common, is a prime gateway for numerous cyber threats. To enhance security, Microsoft aims to replace Basic Auth with Modern Authentication, significantly reducing the risk of attacks.

Key Changes and Specifications

Come 1st October, there's a clear strategy outlined. Microsoft will start randomly picking tenants, issues a seven-day warning by posting Message Center posts and Service Health Dashboard notices, before eventually disabling Basic Auth for the picked tenant. This meticulous process triggers the definitive transition towards Modern Authentication, which should ideally conclude by the end of the year.

Notably, Modern Authentication will replace Basic Auth for various protocols, including MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), POP, IMAP, Exchange ActiveSync (EAS), and Remote PowerShell. However, SMTP AUTH will not be impacted.

Preparing for the Change

End users should adhere to a few crucial preparatory steps to comfortably navigate the shift. These include ensuring they have Outlook for Windows updated, checking that the right registry keys are in place, confirming that the tenant-wide switch to enable is set to True, and more.

Extensive documentation provides guidance on transitioning various applications from Basic to Modern Authentication. This resource is beneficial for customers of all sizes in their quest to adapt to the change.

Important Recommendations

Microsoft's team also suggests disabling SMTP AUTH at the tenant level and re-enabling it only for those user accounts that still need it. If tenants are already logged in to another Microsoft 365 app, such as Teams, they are already authenticated and so it's very likely they will not see any kind of auth prompt.

Guidance for Developers

Developers who currently use POP and IMAP for application access will find OAuth support for interactive applications. Also, Application Access Policies are available to control what an app can access in the case of apps using EWS with Basic Auth.

Support Availability

If additional help is needed during this transition, Microsoft's network of partners, MVPs, community, and Microsoft support engineers are ready to step in. The collective experience and knowledge of these individuals can help make the shift from Basic to Modern Authentication as smooth as possible.

Remember, disabling Basic Auth contributes positively towards preserving the security of your applications. Ensure you're prepared for this change and following the guidelines provided.

Keywords

End Basic Authentication Exchange, Exchange Basic Authentication Termination, October 1st Exchange Update, Exchange Update Basic Authentication, Termination Basic Authentication Exchange, Exchange 1st October Change, Exchange Authentication Upgrade October, Basic Authentication Exchange End, Exchange Authenticity Update, October Exchange Basic Authentication.