What is happening?
Between October 1st 2022 and December 31st 2022, Microsoft will disable access to Exchange Online via the old authentication method, which is known as Basic Authentication.
What is Basic Authentication?
Basic Authentication is a way that Microsoft 365 authenticates your username and password when signing into Microsoft services like Outlook. It has been used for a long time and is now coming to end of life and being replaced by a more modern and secure authentication method.
Why is Basic Authentication being disabled?
Basic Authentication is an outdated industry standard that is insecure and vulnerable to exploitation.
What will happen when Basic Authentication is disabled?
When Basic Authentication is disabled, you will no longer be able to sign in to any Microsoft service that uses it. If you try, you will receive a ‘password incorrect’ prompt.
Furthermore, app passwords which are commonly used to circumvent multi-factor authentication for Microsoft services that use Basic Authentication will no longer work.
Some of the Microsoft services that use basic authentication are Exchange Online for Exchange ActiveSync, POP, IMAP, Remote PowerShell, Exchange Web Services, Offline Address Book, Outlook for Windows and Mac.
SMTP Authentication
SMTP Authentication is also being disabled for all customers that are not utilising this service.
What is replacing Basic Authentication?
Basic Authentication is being replaced by Modern Authentication which has many benefits and security improvements. One of the biggest improvements is that it supports Multi-Factor Authentication which adds another layer of security when signing into Microsoft services.
Read more about Multi-Factor Authentication.
When will this change take place?
New Microsoft 365 Tenants
If you’re a new Microsoft 365 customer, Basic Authentication will already be disabled as your tenant will have security defaults enabled – meaning you will already be experiencing the benefits of Modern Authentication.
Older Microsoft 365 Tenants
Microsoft have started to disable Basic Authentication for tenants with no reported usage and in October 2022 will begin disabling Basic Authentication completely. SMTP authentication will also be disabled if it is not being used.
Can the change be delayed?
There will be one final opportunity to postpone this change and tenants will be allowed to re-enable any of the affected protocols once between October 1st 2022 and December 31st 2022. Any protocols that are re-enabled will be permanently turned off in January 2023 with no possibility of further use.
Does Office/Outlook 2013 (on a Microsoft Windows device) support Modern Authentication (OAuth2)?
Microsoft Office/Outlook 2013 (on a Microsoft Windows device) supports Modern authentication. However, to turn it on, please follow this guide.
What do I do going forward?
It’s important to make sure that any services and applications you use that access your Microsoft 365 account support Modern Authentication (OAuth2).
To update your applications that use legacy clients, follow the instructions below. All devices that use legacy clients need to be updated.
For non-Microsoft services, you should speak to the provider of this software to confirm any required actions.
Windows or MacOS
If you’re using Windows or MacOS, sign in to https://portal.office.com and select Install Office > Office 365 Apps in the right-hand corner of the screen. This will download the latest version of Microsoft Office onto your device.
iOS
If you’re using an iOS device, download the latest version of Microsoft Applications for iOS from below:
Android
If you’re using an Android device, download the latest version of Microsoft Applications for Android below:
Outlook on the Web
If you struggle to access your email through any mail application, you can access your emails through any web browser (including Microsoft Edge, Google Chrome, Mozilla Firefox etc…) through Outlook on the Web.
All of the latest versions of Microsoft applications support modern authentication so any problems you experience should be fixable by uninstalling the application and installing the latest version from the links provided.
We encourage you to follow these steps in the first instance. If you still experience problems, you can contact the Cobweb support team by filling out the form below.