Microsoft has announced that Office 365 Basic Authentication will be disabled beginning October 1, 2022.
Affected Services:
- Exchange Online for Exchange ActiveSync (EAS)
- POP, IMAP, and SMTP Auth
- Remote PowerShell
- Exchange Web Services (EWS)
- Offline Address Book (OAB)
- Outlook for Windows, and Mac
Why is Basic Authentication being deprecated?
- Basic authentication is an outdated industry standard
- Basic authentication is easier for attackers to capture user credentials
- Enforcement of Multi-Factor Authentication (MFA) is not possible with Basic Authentication
What do I need to do?
- Review if you are using Basic Authentication here Deprecation of Basic authentication in Exchange Online
- Review options to remediate affected services here Client Options for Remediation
How do I know if I’ll be impacted?
As Basic Authentication will be deprecated on October 1, 2022 this year, all the users who are using Basic Authentication need to be upgraded to Modern Authentication because they will run into issues accessing their account/Office apps.
You can check the Azure Sign-in logs to view which users/devices are still using Basic Authentication using the procedure below:
- Go to portal.azure.com
- Go to Azure Active Directory > Users > Sign-in logs
- Click on Add filters.
- Select Client app
- Click on “Client app: None Selected”
- Select all the apps under Legacy Authentication Clients.
- Apply the filter for last 1 month.
- Click on Download > Download CSV
You will have all the users listed who are currently using Basic Authentication. These users need to be upgraded to Modern Authentication.
How 360 Visibility can help you:
If you require assistance reviewing your environments and affected services, or have additional questions regarding Office 365 Basic Authentication deprecation and how it impacts your organization – Click here to learn about our Microsoft 365 Support Services.