Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

PSA: Microsoft to Switch Off Basic Authentication in Exchange Online in January

Microsoft is once again reminding customers that it will permanently turn off Basic Authentication in Exchange Online in early January. The company is pushing organizations to adopt Modern Authentication (OAuth 2.0) as soon as possible.

Three years ago, Microsoft announced its plans to deprecate Basic Authentication support in favor of secure user authentication techniques. Since then, the company has released security updates to move several Microsoft 365 apps to Modern Authentication, including the Outlook desktop and mobile clients.

Microsoft started disabling Basic Authentication support in random Microsoft 365 tenants worldwide in October of this year. Up until now, millions of companies have already moved away from the insecure authentication method, but it seems like many customers are still not ready for the change despite multiple warnings. Consequently, Microsoft allowed IT admins to re-enable select protocols in Exchange Online until the end of the year.

Now, Microsoft has issued a final warning that Basic Authentication will be permanently turned off for various protocols in the first week of January 2023. The change will apply to seven email connection protocols, such as POP, IMAP, MAPI, RPC, Offline Address Book, Remote PowerShell, Exchange Web Services, and Exchange ActiveSync.

“Beginning in early January, we will send Message Center posts to affected tenants about 7 days before we make the configuration change to permanently disable Basic auth use for protocols in scope. Soon after basic auth is permanently disabled, any clients or apps connecting using Basic auth to one of the affected protocols will receive a bad username/password/HTTP 401 error,” the Exchange team explained.

Getting ready for Basic Authentication deprecation in Exchange Online

Basic Authentication is a legacy authentication method that involves sending user credentials in plain text to computer systems. It doesn’t support multi-factor authentication (MFA), making it easier for threat actors to steal credentials via sophisticated cyber attacks.

Microsoft has warned that Exchange Online customers will no longer be able to turn on Basic Authentication starting January 2023. The Exchange team has published a guide to help IT administrators prepare for this change, and you can find more details in this blog post.

by Rabia Noureen
Dec 28, 2022

Rabia comes from a solid IT background and has been writing professionally about Microsoft products and other technology for four years. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on the latest trends in...

How to Connect to Exchange Online Using PowerShell

Jun 9, 2023
Dec 05, 2023
How to Whitelist a Domain in Office 365

Jun 5, 2023
Jul 24, 2023
Microsoft Says Chinese Hackers Compromised Exchange Email Accounts

Jul 13, 2023

Take our survey

PETRI NEWSLETTERS

Join Petri Insider

Create a free account today to participate in forum conversations, comment on posts and more.