Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Microsoft to Disable Basic Authentication for the Autodiscover Protocol in Exchange Online

Microsoft started switching off Basic Authentication support for Exchange Online customers back in October. The company announced yesterday that it’s killing off Basic Authentication for the Autodiscover service on December 31, 2022.

The Autodiscover protocol allows client applications to get the configuration data required to communicate with the Exchange Server. It’s used by Outlook, Exchange ActiveSync, and other Exchange Web Services (EWS) clients.

For instance, the protocol gets invoked when a user adds a new Exchange account to Microsoft Outlook. The user provides their email address and password, and Outlook uses Autodiscover to retrieve all other details required to set up the client.

Last year, security researchers discovered a design flaw in the Autodiscover protocol that allowed attackers to harvest domain credentials. Microsoft claims that this upcoming change should help to secure customers’ accounts and sensitive information.

Getting ready for the Autodiscover protocol deprecation in Exchange Online

However, it’s important to note that Microsoft is not deprecating the Autodiscover protocol itself. This release will only remove the capability that allows users to authenticate to the protocol via insecure methods like username and password.

“We’re starting right away with the tenants with no Basic auth usage at all in 2022, and then in early 2023 (as Basic auth for related protocols is permanently disabled), we will move on to everybody else. If you re-enabled Basic auth in your tenant, or took the option to request more time, we’ll turn off Basic auth for Autodiscover after that extension expires. It’s going to take a few weeks to roll this change out. No tenant will be excluded,” the Exchange team explained.

Microsoft notes that customers will be unable to re-enable Autodiscover for end users in their tenants. The company recommends IT admins to plan their deprecation process to avoid any disruptions in the workflow.

by Rabia Noureen
Nov 17, 2022

Rabia comes from a solid IT background and has been writing professionally about Microsoft products and other technology for four years. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on the latest trends in...

How to Connect to Exchange Online Using PowerShell

Jun 9, 2023
Dec 05, 2023
How to Get Started With Exchange Online Archiving

Jun 16, 2023
Aug 11, 2023
How to Whitelist a Domain in Office 365

Jun 5, 2023
Jul 24, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.