MC467901 – In the coming weeks, we’re going to turn off Basic authentication for the Autodiscover protocol in Exchange Online.
Timeline and Scope
As Microsoft has communicated multiple times over the past few years and with multiple Message center posts, the company began to turn off Basic authentication for several protocols in our worldwide multi-tenant service on October 1, 2022.
Next, Microsoft intends to block Basic auth to the Autodiscover service, which is typically used by Outlook, Exchange ActiveSync, and Exchange Web Services apps to help them automatically configure and connect.
Once Basic auth is disabled in your tenant, there’s no reason to keep Autodiscover Basic auth enabled, so Microsoft plans on disabling it to further protect your tenant. Microsoft will do this during the next few months. If you re-enabled Basic auth in your tenant, or took the option to request more time, we’ll turn off Autodiscover after that extension has expired.
What should I do to prepare for this change?
Once Basic auth for is permanently disabled, there’s no additional impact from disabling Basic auth for Autodiscover. Microsoft will only disable Autodiscover in your tenant when Basic auth for all other protocols has been permanently disabled.
As with all the other impacted protocols, we’re not turning off the protocol itself, only the ability to authenticate to the protocol using nothing more than a username and password.
To understand more about this change please read our blog.
Previous Exchange Online Changelog Messages
Whether it’s Security or Cloud Computing, we have the know-how for you. Sign up for our newsletters here.