365tips.be

Blogs about: Microsoft Teams, backgrounds, Intune, OneDrive, Exchange, Azure AD, Windows 10, Security, Tenant, Exchange, best-practice, tips and & tricks

Basic Authentication for Microsoft Exchange will cease as of Oct. 21, 2022

Basic Authentication for Microsoft Exchange is unfortunately no longer possible as of Oct. 21, 2022.

Why is Microsoft going to do away with this? Because basic authentication is not "more" secure and there are now plenty of alternatives to handle it more securely.

If you are still using basic-authentication today, then you have most likely already been hacked. Using basic-authentication makes it easier for attackers to capture accounts because they don't have to go through complex authentication. Simply explained.

Basic-Authentication cannot handle new methods like OAuth. OAuth is a way to log in that allows you to use Multi-Factor which cannot be done with Basic-Authentication. And I believe that without MFA is definitely not a future because passwords alone are really out of date.

Microsoft is a forerunner when it comes to security. Organizations have taken ample time to roll out MFA and now the old legacy authentication is going out as well.

Microsoft has decided by COVID-19 to move Oct. 13, 2020, to Oct. 21, 2022.

What is basic authentication?

  • Basic authentication is logging in to a service/service with a username and a password.
  • For example, logging into your Microsoft Outlook as shown in this image.
1
Basic authentication pop-up Microsoft Outlook

What is modern authentication?

  • Modern Authentication or Modern Authentication is a smarter way to sign in. Because this gives a better pop-up where you can enter your username and password . More importantly, it additional factors can be used and this is still user-friendly.
1
1

What is the impact of disabling basic authentication?

  • These "protocols" will no longer be addressable via basic-authentication EWS, EAS, IMAP, POP and RPS
  • Your old Android phone will no longer work with the built-in application.
  • Old mail clients, Outlook 2007, 2010 (first versions) can no longer connect to Exchange Online .
  • Printers, Copiers, multi-functionals, applications that still relay via basic authentication will stop working unless they can handle OAuth 2.0. (often not)

How can you measure whether you are still using basic Authentication?

1
  • Click on Add Filters
  • Select Client App
1
  • Select everything except 'Mobile Apps and Desktop Clients'
  • Or filter out fewer if you know they are no longer needed.
  • Browser you may also leave out.
1
  • Now you see a list of applications logging in via Basic-Authentication

Why you should block this?

  • This is what each environment looks like.... (see date, and minutes...)
  • Every other minute there are attempts all over the world on your Office 365 environment. But of course also on your on-premises environment, or other application. Office 365 and Exchange Online are the most widely used platforms in the world.
  • Be sure to do a risk detection through this blog
1

How to enable Modern Authentication in a Microsoft 365 tenant?

Browse To: Settings - Microsoft 365 admin center

At Org Settings -> Modern Authentication, choose.

1

Enable Modern Authentcation here.

1

If you get a different view you can do this selection.

Disable all of the following protocols.

1

What is the best way to respond?

  • Microsoft needs to keep organizations secure. With basic authentication, this is not possible. Exchange Online is the most widely used platform and has the worst security standards in terms of authentication.
  • You can certainly write off this change and think, "Let's keep our Exchange on-premises." But certainly ask yourself the question, "Canyou look into intelligent logging as above?" Is that why you want to stick with your own infrastructure?
  • Cloud is now the future and we should be happy that Microsoft wants to make these security improvements for us to an industry-standard.
  • Phishing is the most common method of attack by hackers
  • Contact vendors and ask to update your application so that it can authenticate with OAuth 2.0

Resources

Related blogs

Block download of O365 files when your device is unknown
Make legacy authentication transparent with Azure Log Analytics
Secure Score for Microsoft Azure | Office 365 Secure Score improve
Recover deleted Exchange emails
How to download and install Windows 11

About the author

Tagged: , , , , , , , , , , , , , Login, , ,
0 0 vote
Article review
Subscribe
Please let us know if there are
guest

4 Comments
Oldest
Latest Most Voted
Inline feedbacks
See all comments
Nombre
Nombre
4 months ago

Está bien ver cómo explica el problema, pero el artículo habría sido útil si abortase cómo realizar el cambio desde el mecanismo anterior al nuevo

Nombre
Nombre
4 months ago

perdón, en el comentario anterior me sobraba un 'no' 🙁

Alfa
Alfa
2 months ago

Buenos dias, cuando comentas que "Desactive todos los protocolos siguientes" se refiere a dejarlo como en la imagen o desactivar todo lo que esta marcado. entiendo que es solo desactivar el Cliente Outlook.

4
0
Would love to know your thoughts, please leave a comment.x
%d bloggers like this: