Microsoft to Let Admins Temporarily Pause Exchange Online Basic Auth Deprecation
Microsoft is once again notifying customers that it will finally disable basic authentication support in Exchange Online starting October 1, 2022. The company is also giving organizations an option to pause the deprecation of select email connection protocols until the end of this year.
In 2019, Microsoft first announced its plans to retire basic authentication to protect Exchange Online customers from password spray attacks. This change will affect select protocols such as RPC, MAPI, IMAP, POP, Exchange Web Services (EWS), Offline Address Book (OAB), Remote PowerShell, and Exchange ActiveSync (EAS). However, there is an exception for the SMTP AUTH protocol.
Microsoft has been reminding users about this end-of-life date for quite some time and also encouraging them to plan migrations to modern authentication. Despite all the warnings, hundreds of customers are either unaware or not yet ready for this configuration change. The impending retirement of basic authentication will prevent them from connecting to mailboxes with an HTTP 401 error.
Microsoft gives the last chance to re-enable Exchange Online Basic Authentication
To address this issue, Microsoft has decided to let customers request a three-month extension for using basic authentication in their tenant. This means that IT admins will be able to re-enable one or more of the affected protocols via the self-service diagnostic tool. These protocols will continue to work until December 31, but will be permanently disabled in the first week of January 2023.
“This effort has taken three years from initial communication until now, and even that has not been enough time to ensure that all customers know about this change and take all necessary steps. IT and change can be hard, and the pandemic changed priorities for many of us, but everyone wants the same thing: better security for their users and data,” the Exchange team explained.
Microsoft recommends Exchange Online customers to switch apps to certificate-based authentication as soon as possible to avoid any disruptions. Administrators can use authentication policies to block basic authentication in the tenants. Let us know in the comments below if you have already completed the migration process.
More in Exchange Online
Microsoft to Retire Client Access Rules Support in Exchange Online in 2023
Sep 28, 2022 | Rabia Noureen
M365 Changelog: (Updated) block delegates or shared mailbox members from accessing protected messages in Outlook
Sep 28, 2022 | Rabia Noureen
Microsoft Reveals Attackers Used Malicious OAuth Apps to Hack Exchange Online
Sep 27, 2022 | Rabia Noureen
M365 Changelog: (Updated) Upcoming behavior change to the "DoNotRewrite" List
Sep 20, 2022 | Rabia Noureen
M365 Changelog: Announcing the retirement of ‘Office 365 Security and Compliance Center’ (protection.office.com)
Sep 9, 2022 | Rabia Noureen
M365 Changelog: (Updated) TeamSnap Integration for Outlook Web is being retired
Sep 8, 2022 | Rabia Noureen
Most popular on petri