Recently, several customers have been more concerned about Microsoft's announcement to close the Basic Authentication in M365. This issue is actually very easy to be confused in the timeline and scope of the official announcement. I will share some information here after finishing.
First of all, the main impact of turning off Basic Auth is on Exchange Online, and here is also mainly for Exchange Online.
Modern vs. Basic Authentication:
At present, the Tenant of M365 supports both Modern Auth and Basic Auth authentication protocols. Because Basic Auth is not secure enough, and does not support MFA and third-party authentication protocols, Microsoft plans to close Basic Authentication.
When to turn off Basic Auth:
Microsoft Exchagne Team announced on September 20, 2019 that it will close Basic Authentication in Exchange Online on October 13, 2020.
https://techcommunity.microsoft.com/t5/exchange-team-blog/improving-security-together/ba-p/805892
On April 3, 2020, the Exchagne Team announced that due to the impact of the epidemic, the plan to close Basic Auth will be postponed to the second half of 2021 . However , Basic Auth will continue to be closed in tenants newly created after October 13, 2020 and tenants without Usage Reprot .
M365 default security:
In tenants newly created after October 22, 2019, a new Feather called Security Defaults will be turned on by default. If default security is turned on, one of them will turn off Basic Authentication:
- Requiring all users to register for Azure Multi-Factor Authentication.
- Requiring administrators to perform multi-factor authentication.
- Blocking legacy authentication protocols.
- Requiring users to perform multi-factor authentication when necessary.
- Protecting privileged activities like access to the Azure portal.
If the default security is turned on in the tenant, even if it does not reach October 13, 2020, Basic Authentication will be immediately unavailable .
The impact of closing Basic Authentication on EXO:
If the current client uses Basic Auth to use EXO services, the most intuitive manifestation is that the user name and password window will pop up continuously:
- POP and IMAP using Basic Auth authentication will not be available, that is, most of the current POP and IMAP cannot be used normally;
- SMTP: If a third-party application relies on EXO's SMTP service (such as printers, OA systems, etc.), or POP and IMAP clients, the mail will fail to be sent;
ActiveSync client that does not support Modern Auth;
Bacis Auth的Remote Powershell:https://docs.microsoft.com/en-us/powershell/exchange/connect-to-exchange-online-powershell?view=exchange-ps
Office 2013 and previous versions of Office.
solution:
- POP and IMAP: Microsoft has announced support for Oauth authentication protocol for POP and IMAP in Global M365: https://docs.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate -an-imap-pop-smtp-application-by-using-oauth
- SMTP : Basic Auth or continue to support SMTP, you can continue to enable SMTP based on Basic Auth for organizations or individual users in EXO. https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/authenticated-client-smtp-submission
- ActiveSync: It is strongly recommended to use Outlook Mobile APP;
- Remote Powershell:使用支持Modern Auth的EXO Powershell v2:https://docs.microsoft.com/en-us/powershell/exchange/exchange-online-powershell-v2?view=exchange-ps
- Office 2013 and previous versions: upgrade to Office ProPlus or Office 2016 and later versions. For Office 2013, Modern Authentication can be supported by adding a registry. https://docs.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/enable-modern-authentication?view=o365-worldwide
In addition, for 21v, there is no specific time to close Basic Authentication, but the international version will be followed, and there will be a certain time delay.