Basic Authentication in Exchange Online

October 13th 2020 is an important date this year, especially for those in the Exchange world. Not only does Exchange 2010 go out of (extended) support, but this is also the date that Microsoft will be turning off Basic Authentication in Exchange Online.

This is quite a big change that can affect users who are still using old mail clients. Microsoft are making this change to help improve security within Exchange Online. The majority of mail clients that are up to date will use Modern Authentication. This is, however, assuming that your tenant is enabled for Modern Authentication (all tenants created before 01/08/2017 will have it turned off by default). If your tenant does have it disabled, there is no reason NOT to enable it. Soon you will have no choice! See this link to enable Modern Authentication.

Microsoft have written an updated article on turning off Basic Authentication, which can be found here. The article goes into good detail on how to determine which clients are connecting to your tenant using Basic Authentication. It also details the impact of this change on Outlook, POP, IMAP, SMTP and ActiveSync clients.

This article is well worth a read to understand the impact of the change. It will also help identify clients using Basic Authentication to connect to your tenant. The ability to use Azure AD to understand who has logged in, and with which type of client, is quite powerful.
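As an added example (not from the Microsoft article or the original post), the sketch below summarises which users are still signing in with legacy clients from an exported Azure AD sign-in log. The column names (`User`, `Client app`, `Status`), the list of legacy client app values and the sample rows are assumptions constructed for illustration; adjust them to match your own export.

```python
import csv
import io
from collections import defaultdict

# Assumption: "Client app" values that indicate legacy (Basic) authentication.
# Anything else (e.g. "Browser", "Mobile Apps and Desktop clients") is treated as modern.
LEGACY_CLIENT_APPS = {
    "exchange activesync", "imap4", "pop3", "authenticated smtp", "smtp",
    "mapi over http", "exchange web services", "autodiscover",
    "offline address book", "outlook anywhere (rpc over http)",
    "exchange online powershell", "reporting web services", "other clients",
}

# Constructed sample export; header names are assumed, not taken from the page.
SAMPLE_CSV = """Date (UTC),User,Application,Client app,Status
2020-06-01T08:01:00Z,alice@example.com,Office 365 Exchange Online,IMAP4,Success
2020-06-01T08:02:00Z,alice@example.com,Office 365 Exchange Online,IMAP4,Success
2020-06-01T08:05:00Z,bob@example.com,Office 365 Exchange Online,Mobile Apps and Desktop clients,Success
2020-06-01T08:07:00Z,scanner@example.com,Office 365 Exchange Online,Authenticated SMTP,Success
2020-06-01T08:09:00Z,carol@example.com,Office 365 Exchange Online,POP3,Failure
2020-06-01T08:11:00Z,Alice@example.com,Office 365 Exchange Online,Exchange ActiveSync,Success
"""

def legacy_auth_summary(rows, user_col="User", app_col="Client app", status_col="Status"):
    """Return {user: {client_app: count}} for successful legacy-auth sign-ins."""
    summary = defaultdict(lambda: defaultdict(int))
    for row in rows:
        app = (row.get(app_col) or "").strip()
        if app.lower() not in LEGACY_CLIENT_APPS:
            continue  # modern authentication, unaffected by the change
        # Only successful sign-ins point at a working client that will break;
        # failures are often just password-guessing noise against legacy endpoints.
        if (row.get(status_col) or "").strip().lower() != "success":
            continue
        user = (row.get(user_col) or "").strip().lower()  # UPN case varies by client
        summary[user][app] += 1
    return {user: dict(apps) for user, apps in summary.items()}

def summarise_csv(text):
    """Parse CSV text (as exported from the sign-in log) and summarise it."""
    return legacy_auth_summary(csv.DictReader(io.StringIO(text)))

if __name__ == "__main__":
    for user, apps in sorted(summarise_csv(SAMPLE_CSV).items()):
        for app, count in sorted(apps.items()):
            print(f"{user:25} {app:25} {count}")
```

Shared mailboxes and service accounts (such as a scanner sending over SMTP) tend to show up in this kind of summary and are easy to overlook when planning the cut-over.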

I imagine this is just the beginning of the removal of Basic Authentication in Office 365. Microsoft do provide the ability to turn off Legacy Authentication using Conditional Access. This is difficult for many organisations, but should be something that is aimed for, especially if you are working towards a zero trust Identity solution.

And please, please start to look into this now! The last thing we all want is some old application to break in October. You know the one! It relies on an Outlook 2010 client connected to Exchange Online…
