Microsoft Will Disable Basic Authentication in October 2022
Microsoft recently announced that on October 1, 2022, Basic Auth in all tenants will be permanently disabled, with an exception being made for SMTP Auth. What has changed since Microsoft’s February 2021 announcement about putting this move on hold? In the last announcement, Microsoft stated: “We have postponed disabling Basic Auth for protocols in active use by your tenant until further notice, but we will continue to disable Basic Auth for any protocols you are not currently using.”
Why has Microsoft decided not to postpone disabling Basic Auth for protocols? Basic authentication is simple and convenient, but it is no longer secure, and there are now enough alternatives to make authentication more secure.
What Is Basic Authentication?
Basic authentication (also known as proxy authentication) only requires users to provide a valid username and password, and the username and password are often stored locally on the device. While basic authentication has been the standard for quite some time, this authentication model is now outdated. Today, basic authentication can pose a serious security risk for anyone who still uses it. On an unsecured network, attackers can easily steal these credentials.
Many users who made the transition from on-premises to the cloud still use basic authentication. As of October 1, 2022, Microsoft will no longer include basic authentication as an option, and this means all users will be required to use a more secure authentication method. Users who have yet to make the transition to modern authentication should prepare to do so.
If you are still using basic authentication, then there is a good chance you have already been hacked. Basic authentication makes it easier for malicious actors to access accounts because they don’t have to jump through complex authentication hoops to do so. Basic authentication cannot handle newer methods like OAuth. What is OAuth? OAuth is a way of logging in that allows the use of multi-factor authentication, which basic authentication cannot do.
What Happens When Basic Authentication Is Disabled?
- The EWS, EAS, IMAP, POP, and RPS protocols will no longer be addressable through basic authentication
- Outlook 2007 and 2010 (first versions) will no longer connect to Exchange Online
- Printers, copiers, applications, etc. that depend on basic authentication will no longer work unless they can handle OAuth
What Is Modern Authentication?
Modern authentication is a more secure method of identity management because of its ability to offer more secure user authentication and authorization. Modern Authentication is an umbrella term initially defined by Microsoft. Over time, many other companies have defined modern authentication to describe a set of the following:
- Authentication methods (how someone logs into a system)
- Authorization methods (processes that make sure users are not given full access to a system or application by default)
- Conditional access policies (policies that are used to define which devices have access to various services and data sources)
Microsoft has decided to disable basic authentication to protect Microsoft Exchange Online users. Requiring a more modern authentication method will significantly improve the security of data in your tenant. Enabling multi-factor authentication (MFA) is a challenge when using basic authentication; therefore, it is often not used at all.
Modern Authentication Will Replace Basic Authentication in Scranton and Wilkes-Barre Workplaces
Modern authentication is what your Scranton or Wilkes-Barre organization should be using going forward. If your organization is running Exchange 2016 and above and you are running hybrid, you can enable modern authentication in Exchange and Microsoft 365. To turn off basic authentication, your organization needs to have the systems and applications needed to support the new authentication method.
Microsoft provides a list of clients that will be supported, and we encourage you to check the list often to ensure that your organization meets the requirements. The clients that are supported are:
- Outlook 2016 for Mac or later
- Mail app for iOS 11.3.1 or later
- Outlook 2013 and later
- Outlook on iOS and Android
When you navigate to the admin portal, you may see an announcement about basic authentication. You may even discover that Microsoft has already disabled it on your tenant or turned off basic authentication completely. If you do not prepare yourself for the transition, you may find yourself struggling to adjust to the changes. Basic authentication will be turned off for the following protocols:
- Exchange Web Services
- Remote PowerShell
- Office Address Book
- SMTP Auth
Microsoft will continue to disable SMTP Auth for tenants who are not using it, but the configuration of any tenant who does use it will not be changed. Your organization should still move away from using Basic and SMTP AUTH if you can, because you will still be exposed. SMTP Auth can be disabled at the tenant level and re-enabled per user or per account. However, once the end-of-life arrives in October 2022, it will be turned off permanently.
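The tenant-level disable with per-account re-enable described above, as an added example (not Microsoft's or tech42's own script). It assumes the ExchangeOnlineManagement module and an Exchange admin session; the `contoso.example` addresses and the CSV file name are constructed placeholders.

```powershell
# Added example. All addresses below are constructed placeholders.
Connect-ExchangeOnline -UserPrincipalName admin@contoso.example

# Accounts that still need SMTP AUTH (for example a scanner or a
# line-of-business application that cannot use OAuth yet).
$allowList = @('scanner@contoso.example', 'erp-notify@contoso.example')

# 1. Record the current state before changing anything.
Get-TransportConfig | Format-List SmtpClientAuthenticationDisabled
$before = Get-CASMailbox -ResultSize Unlimited |
    Select-Object PrimarySmtpAddress, SmtpClientAuthenticationDisabled
$before | Export-Csv -Path .\smtp-auth-before.csv -NoTypeInformation

# 2. Disable SMTP AUTH for the whole tenant.
Set-TransportConfig -SmtpClientAuthenticationDisabled $true

# 3. Re-enable it only for the allow-listed mailboxes. A per-mailbox value of
#    $false overrides the tenant setting; $null means "follow the tenant".
foreach ($mbx in $allowList) {
    Set-CASMailbox -Identity $mbx -SmtpClientAuthenticationDisabled $false
}

# 4. Remove stale overrides: any other mailbox that had SMTP AUTH explicitly
#    enabled goes back to inheriting the (now disabled) tenant setting.
$before | Where-Object {
    $_.SmtpClientAuthenticationDisabled -eq $false -and
    $_.PrimarySmtpAddress -notin $allowList
} | ForEach-Object {
    Set-CASMailbox -Identity $_.PrimarySmtpAddress -SmtpClientAuthenticationDisabled $null
}

# 5. Verify: only the allow-listed mailboxes should be returned.
Get-CASMailbox -ResultSize Unlimited |
    Where-Object { $_.SmtpClientAuthenticationDisabled -eq $false } |
    Select-Object PrimarySmtpAddress
```

Keep the exported CSV so the previous per-mailbox values can be restored if a device stops sending mail after the change.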
How Will The Disabling of Basic Authentication Impact Our Organization?
We understand that October 2022 seems like a long way away, but now is the perfect time to begin your preparations for how this major change will impact your organization. You do not want to wait until Microsoft disables Basic Auth to determine how your organization will move forward.
You will need to decide what is going to happen as it relates to your devices and programs that need access to Exchange Online. What are you going to do if your existing clients are unable to support modern authentication? Do not place the transition to modern authentication at the bottom of your list of things to do because you can quickly run out of time.
The main reason your organization should make the change to modern authentication now is that your data will be at risk with basic authentication. The longer your organization relies on basic authentication, the more you’re putting your organization at risk. If you want to make sure your organization is prepared for what’s to come, reach out to tech42 LLC today to find out how our experts can help your organization make a smooth transition to modern authentication protocols and keep your organization and its sensitive and confidential data.
Schedule a virtual online meeting with a member of our team or call us today at (570) 209-7200 for any Microsoft support and Microsoft networking needs you may have.