Menu
▾
▴
#919 Microsoft retiring Basic Authentication for legacy protocols
Hi,
I am running a small business where we use Microsoft Office 365 and have two computers running the Go Contact Sync Mod. I just got this message from Microsoft:
We're making some changes to improve the security of your tenant. We announced in 2019 that we would be retiring Basic Authentication for legacy protocols, and in September 2021, we confirmed that we would begin to disable Basic Authentication for in-use protocols beginning October 2022.
We previously communicated this change via Message Center: MC191153 (Sept. ‘19), MC204828 (Feb. ‘20), MC208814 (April ‘20), MC237741 (Feb. ‘21) and MC286990 (Sep. ’21).
You can always read the latest information about our plans to turn off Basic Authentication here.
Based on our telemetry, there may be some users in your tenant currently using Basic Authentication and we expect these users to be affected when these changes take place.
In the month of February, we detected the following usage:
Exchange ActiveSync: 0
POP: 0
IMAP: 0
Outlook Windows: 2
Outlook for Mac/Exchange Web Services: 0
Exchange Remote PowerShell: 0
Please note these numbers only reflect the count of unique users who have successfully authenticated to these services in the specified month, they do not reflect successful access to mailboxes or data (for example, a user may authenticate using IMAP, but may be denied access to the mailbox due to configuration or policy).
If you want to block users or apps being able to authenticate at all using legacy protocols, we recommend using Authentication Polices.
To investigate this usage further, we recommend you use Azure AD Sign-in Reports which can provide detailed user, IP and client details for these authentications.
How this will affect your organization:
Once this change is made, users in your tenant will be unable to access their Exchange Online mailbox using Basic Authentication and the protocols specified above.
What you need to do to prepare:
We recommend you take steps to investigate the usage of Basic Authentication in your tenant and determine its source. Ask yourself:
Are these known users or apps within your tenant with valid use cases, or are these unexpected authentication attempts, possibly indicating a breach or unauthorized access?
Are these connections from out of date or badly configured applications, requiring upgrade or reconfiguration or are these third party (e.g., external) applications, that are integrated with your Exchange Online tenant?
It’s important to begin to understand the use of Basic Authentication in your tenant before it is switched off beginning October 2022. **
I suspect that the two Basic Authentications used for Outlook Windows stems from your software.
Will this be handled by you in a coming upgrade, or by configuring differently, or will this mean the termination of your software for Office 365 users?
I must admit that I am only an end user, with very limited knowledge in this field, my appologies if this question is irrelevant.
Best regards
Ingvar
