Office 365 – Retiring Basic Auth

Microsoft has just released an update about their existing plans to retire basic authentication for Office 365 access on October 13, 2020.
If no action is taken, client applications using Basic Authentication for EWS, EAS, IMAP, POP and RPS may be unable to connect after October 13, 2020.
Any application using OAuth 2.0 (Modern Authentication) and connecting using any of these protocols, will continue to work without change or interruption.
Note: this change does not impact SMTP AUTH, unless your organization has Security Defaults (formerly known as baseline policies) enabled in Azure.

 

But what does this actually mean to for you and your organization!?

 

Both Outlook for Windows and for Mac ARE impacted by Microsoft turning off Basic Auth in Exchange Online. Both clients rely upon Exchange Web Services (EWS) and so if they are still using Basic Auth, they will be affected. Both clients need to be switched to use Modern Auth before October 2020.

 

The good news is that up to date versions of both of those clients fully support Modern Auth and have for several years. Outlook for Windows added support for Modern Auth with the release of Outlook 2013 (though it required a registry key to be enabled) and Outlook 2016 onward have Modern Auth enabled by default. Outlook for Mac has supported Modern Auth since Outlook for Mac 2016.

 

Note, this means if any of your users are using Office 2010, then Outlook 2010 will cease to allow connections to Office 365 email as of October 13, 2020.

Office 2010 should be discontinued as soon as possible, you may contact us to upgrade to Office 365 Business Premium at any time, and we can work to get all of your users the latest and greatest Office 365 desktop and mobile applications!

 

If any of your users are using Office 2013, they may need a registry key changed before that date, and the account re-setup to make sure modern auth is being used.

 

Furthermore, if you started using Office 365 prior to August 1, 2017 then you may need to enable modern auth so that it is an option for use moving forward!

 

If you started using Office 365 after August 1, 2017 and your users are using at least Office 2016, Office 2019, or Office 365 desktop applications, no action should be necessary at this time.

 

Now What?

 

Here are some quick points on how to make sure you can move forward if you’re affected by this change.

 

• You can start updating the client applications your users are using to versions that support OAuth 2.0 today. For mobile device access, there are several email apps available that support Modern Authentication, but we recommend switching to the Outlook app for iOS and Android as we believe it provides the best overall experience for your Office 365 connected users. For desktop/laptop access, we encourage the use of the latest versions of Outlook for Windows and Outlook for Mac. Contact us to get upgraded today!
• If you have written your own code using these protocols, you will need to update your code to use OAuth 2.0 instead of Basic Authentication.
• If you or your users are using a 3rd party application, which uses these protocols, you will either need to:
  • reach out to the 3rd party app developer who supplied this application to update it to support OAuth 2.0 authentication
  • or assist your users to switch to an application that’s built using OAuth 2.0

 

Be Prepared!

 

We do have the ability at your request to run a report (if you subscribe to Azure AD Premium) to see how many users in your organization are using the basic auth that will be retired, or we can check on a case-by-case basis with Outlook to see if it is connecting with modern or basic authentication on Windows.

 

If you would like us to either run these reports or check on a case-by-case basis for any users, please submit a ticket to us, and request the work to be performed and our technicians will start working on it as soon as possible for you!