Losing Access to Exchange Online

March 26, 2020/

At Akins IT, we pride ourselves in ensuring that our clients are made aware of technological updates that have a high likelihood of impacting their environments. Today’s update is in regards to Microsoft’s discontinuation of support for Basic Authentication for Exchange Online. This change will make Exchange Online more secure by preventing bad actors from bypassing Microsoft security features that are incompatible with Basic Authentication, such as MFA and Conditional Access.

At this time, Microsoft has indicated that this change will now go into effect during the second half of 2021- as opposed to the previous date of October 13, 2020. Microsoft will release a more precise date once they have a better understanding of the impact of COVID-19. Basic authentication will be disabled for newly created tenants by default and starting October 2020, disabled for tenants that have no recorded usage.

Once in effect, this change will result in the retirement of Basic Authentication for EWS, EAS, IMAP, POP and RPS to access Exchange Online. Any application using OAuth 2.0 and connecting with the aforementioned protocols will continue to work without change or interruption. This change does not impact SMTP AUTH.

What do I need to do to prepare for this change?

  • Start by updating the client applications your users are using to versions that support OAuth 2.0
    • Mobile devices should use the Outlook app for the best support, or other email apps that support Modern Authentication
    • Desktop/laptops should use Outlook 2013 or newer
  • Developers should ensure that any code they have written is updated to support OAuth 2.0
  • Confirm that any 3rd-party applications which access Exchange Online support OAuth 2.0 or switch to comparable applications that do support OAuth 2.0

You may refer to the following Microsoft blog from the Exchange Team to learn more about this retirement:

https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-auth-and-exchange-online-february-2020-update/ba-p/1191282L

Please reach out to us at Akins IT, if you would like to discuss this change in more depth and discover how your organization could benefit from implementing MFA and Conditional Access today!