At Akins IT, we pride ourselves in ensuring that our clients are made aware of technological updates that have a high likelihood of impacting their environments. Today’s update is in regards to Microsoft’s discontinuation of support for Basic Authentication for Exchange Online. This change will make Exchange Online more secure by preventing bad actors from bypassing Microsoft security features that are incompatible with Basic Authentication, such as MFA and Conditional Access.
At this time, Microsoft has indicated that this change will go into effect on October 13, 2020, resulting in the retirement of Basic Authentication for EWS, EAS, IMAP, POP and RPS to access Exchange Online. Any application using OAuth 2.0 and connecting with the aforementioned protocols will continue to work without change or interruption. This change does not impact SMTP AUTH.
What do I need to do to prepare for this change?
- Start by updating the client applications your users are using to versions that support OAuth 2.0
- Mobile devices should use the Outlook app for the best support, or other email apps that support Modern Authentication
- Desktop/laptops should use Outlook 2013 or newer
- Developers should ensure that any code they have written is updated to support OAuth 2.0
- Confirm that any 3rd-party applications which access Exchange Online support OAuth 2.0 or switch to comparable applications that do support OAuth 2.0
You may refer to the following Microsoft blog from the Exchange Team to learn more about this retirement:
Please reach out to us at Akins IT, if you would like to discuss this change in more depth and discover how your organization could benefit from implementing MFA and Conditional Access today!