Microsoft plans to discontinue the so-called “basic authentication” for Exchange Online, which is part of the Microsoft 365 and Office 365 product suite.
Applications use this type of authentication to connect to servers or services on the Internet. The user name and password are transmitted unencrypted. Especially a connection without encryption represents a security risk. According to Microsoft, the following services and protocols are affected by the deactivation:
- Exchange ActiveSync (EAS)
- Remote PowerShell
- Exchange Web Services (EWS)
- Offline Address Book (OAB)
- Outlook for Windows und Mac
- SMTP AUTH
Instead of Basic Authentication on Exchange Online, an OAuth 2.0-based procedure is used. Clients need an access token to establish the connection, which is created by an authentication server (at Microsoft). The token has a limited validity period and is specific to the application. The token cannot therefore be reused, which increases security.
POP, IMAP und SMTP AUTH
The POP, IMAP and SMTP protocols are used by email clients and applications to receive (POP and IMAP) and send (SMTP) email messages. In order for this to continue to work in the future, these applications must support the new authentication procedure (Modern Authentication).
Since conzept 16 offers commands for sending e-mails via SMTP on the one hand and alert mails of the database server also run via this protocol on the other hand, vectorsoft is currently working on support for this new procedure.
Date of the planned changeover
Originally, Microsoft announced th e 1st of October 2022 for the transition of its cloud services. In the meantime, however, there is a postponement until the 31st of December of this year. During this period, Microsoft will continue to allow access via basic authentication. The process will then be discontinued completely at the beginning of 2023.