Traditional username and password authentication is convenient for end users but has proven vulnerable to brute force attacks. Microsoft has announced they are taking action to force organizations to improve security posture by deprecating basic authentication in Exchange Online effective October 1st, 2022.
How Can I Tell if My Organization is Still Using Basic Authentication?
Microsoft has been notifying customers still using basic authentication in Message Center. If you (like many customers 😊) ignore those notifications, and are curious if Microsoft deprecating basic authentication impacts you on October 1st, here is how to find out:
- Go to your Microsoft 365 Admin Center
- Login and Select Show All (Below)
- Health -> Message Center
- Search – “Basic Authentication”
- Example of no Basic Authentication:
- Example of Basic Authentication in Use
- Select ‘Basic Authentication – Monthly Usage Report’ to review your organization’s usage
Come October 1st, users in your tenant using Basic Authentication will be unable to access their Exchange Online Mailbox using Basic Authentication.
Microsoft will allow customers to request a one-time extension for basic authentication usage that cannot easily be updated. If you are in a pinch and need help applying for that extension contact us so that we can help you navigate the extension request and create a plan for updating your authentication policies.
If you are looking to improve your security posture and simplify how you secure your Microsoft 365 environment we’d love to connect and talk about how we can help.
See Microsoft’s announcement here – https://learn.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic-authentication-exchange-online
If you’d like block Basic Authentication now here are a few avenues to turn off Basic Authentication:
Microsoft’s Recommendations based on protocol service: