Beginning on October 1st Microsoft will begin retiring the basic authentication procedure for Exchange Online. This will include anyone using Microsoft 365 for Exchange email. The reason for the change is that Basic Authentication is quickly becoming a target for attackers, and Modern Authentication methods are more secure. Here’s an update from Microsoft regarding this.
To answer some common questions you may have:
- No. App passwords will no longer work.
- No, this does not mean MFA must be configured (Although it’s 2022. If you don’t have MFA configured now….)
- No, Basic authentication won’t be disabled for everyone in one go. It’s a phased thing that lasts October until December. By Jan 1, all tenants are disabled.
- Yes, if Outlook is currently using Basic Authentication you have configured it yourself using registry keys.
- Yes, SMTP Auth will also be disabled later on, but only if it’s currently not in use in the tenant. You will have the option to reenable that.
You can read more details about it from Microsoft here.
If you are unsure how this affects your organization then contact us for more information.